app: aboot: add check on size of atags
Add a check on the tags size while updating the atags;
without it the tags can cross the max size allowed and
overwrite the kernel region.
Change-Id: Id4750f7cd5daa3d5f0d93950bb1a24016adfd9b7
diff --git a/app/aboot/aboot.c b/app/aboot/aboot.c
index 892ec72..6ac4a14 100644
--- a/app/aboot/aboot.c
+++ b/app/aboot/aboot.c
@@ -708,7 +708,7 @@
void generate_atags(unsigned *ptr, const char *cmdline,
void *ramdisk, unsigned ramdisk_size)
{
-
+ unsigned *orig_ptr = ptr;
ptr = atag_core(ptr);
ptr = atag_ramdisk(ptr, ramdisk, ramdisk_size);
ptr = target_atag_mem(ptr);
@@ -718,8 +718,18 @@
ptr = atag_ptable(&ptr);
}
- ptr = atag_cmdline(ptr, cmdline);
- ptr = atag_end(ptr);
+ /*
+ * Atags size filled till + cmdline size + 1 unsigned for 4-byte boundary + 4 unsigned
+ * for atag identifier in atag_cmdline and atag_end should be with in MAX_TAGS_SIZE bytes
+ */
+ if (((ptr - orig_ptr) + strlen(cmdline) + 5 * sizeof(unsigned)) < MAX_TAGS_SIZE) {
+ ptr = atag_cmdline(ptr, cmdline);
+ ptr = atag_end(ptr);
+ }
+ else {
+ dprintf(CRITICAL,"Crossing ATAGs Max size allowed\n");
+ ASSERT(0);
+ }
}
typedef void entry_func_ptr(unsigned, unsigned, unsigned*);
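Review bot: The new bound in generate_atags mixes units: `ptr - orig_ptr` is a count of `unsigned` elements, while `strlen(cmdline)`, `5 * sizeof(unsigned)` and (per the added comment) MAX_TAGS_SIZE are bytes, so the space already consumed is under-counted by a factor of `sizeof(unsigned)` and an oversized command line can still pass the check. Scale the pointer difference to bytes before adding: `if (((ptr - orig_ptr) * sizeof(unsigned) + strlen(cmdline) + 5 * sizeof(unsigned)) < MAX_TAGS_SIZE) {`. The check also runs only after atag_core, atag_ramdisk, target_atag_mem and atag_ptable have written their tags, so those writes are not bounded by it; whether that matters depends on their sizes, which are not visible here. If ASSERT can be compiled out in some build configuration, the else branch would return without an end tag, so it is worth confirming that it always halts. The function body begins in the previous hunk.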