aboot : mdtp: fixed information leak Added validation to number of images read from mdtp image Change-Id: I21b28fbf8a68e3bbefde38f0da7fa9f8ccd7db13

commit: 9d635ede78422d665afcaf3e4257b09774a88856 [log] [tgz]
author: Brahmaji K <bkomma@codeaurora.org> Fri Jun 23 13:10:57 2017 +0530
committer: Gerrit - the friendly Code Review server <code-review@localhost> Thu Nov 30 23:18:08 2017 -0800
tree: e0fe68f43f17840c15b26f3f550672b84a994018
parent: 7e40ad214be6fdcce7d0e21c09b92977fe6d810a [diff] [blame]
diff --git a/app/aboot/mdtp_fs.c b/app/aboot/mdtp_fs.c
index 39f456a..1c1ea44 100644
--- a/app/aboot/mdtp_fs.c
+++ b/app/aboot/mdtp_fs.c

@@ -1,4 +1,4 @@
-/* Copyright (c) 2015-2016, The Linux Foundation. All rights reserved.
+/* Copyright (c) 2015-2017, The Linux Foundation. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
@@ -147,7 +147,7 @@
 	}
 
 	image_sets_num = mdtp_fs_get_param(IMAGE_SETS_NUM);
-	if (image_sets_num < 1) {
+	if ( (image_sets_num < 1) || (image_sets_num >= MAX_IMAGES) ) {
 		dprintf(CRITICAL, "ERROR: invalid number of image sets: %d\n", image_sets_num);
 		return -1;
 	}
commit	9d635ede78422d665afcaf3e4257b09774a88856	[log] [tgz]
author	Brahmaji K <bkomma@codeaurora.org>	Fri Jun 23 13:10:57 2017 +0530
committer	Gerrit - the friendly Code Review server <code-review@localhost>	Thu Nov 30 23:18:08 2017 -0800
tree	e0fe68f43f17840c15b26f3f550672b84a994018
parent	7e40ad214be6fdcce7d0e21c09b92977fe6d810a [diff] [blame]