Sysupgrade: Fixing kw issues for buffer overflow.

Kw issues occurred with below message: "Array 'buf'of size 256 may use index value(s) -2..0". In order to fix this issue, error message will be returned with array index out of index if buffer size isless than 0 or if it increases buffer size. Change-Id: I5a7885b0ee2fd6e9c0ac3083b28366f1ae5ceaee Signed-off-by: Avinash Pandey <avinasv@codeaurora.org>
2025-12-10 07:44:53 +01:00 · 2018-03-09 12:16:45 +05:30 · 2018-03-09 12:16:45 +05:30 · a14e102f05
commit a14e102f05
parent 900f4e4d7d
1 changed files with 16 additions and 3 deletions
--- a/tools/sysupgrade.c
+++ b/tools/sysupgrade.c
@ -1427,28 +1427,41 @@ int is_image_authenticated(void)
 int sec_image_auth()
 {
 	int fd, i, len;
-	char buf[256];
+	char *buf = NULL;

 	fd = open(SEC_AUTHENTICATE_FILE, O_RDWR);
 	if (-1 == fd) {
 		perror(SEC_AUTHENTICATE_FILE);
 		return 1;
 	}
-
+	buf = (char*)malloc(SIG_SIZE);
+	if (buf == NULL) {
+		perror("Memory allocation failed\n");
+		close(fd);
+		return 1;
+	}
 	for (i = 0; i < NO_OF_SECTIONS; i++) {
 		if (!sections[i].is_present) {
 			continue;
 		}

-		len = snprintf(buf, sizeof(buf), "%s %s", sections[i].img_code, sections[i].file);
+		len = snprintf(buf, SIG_SIZE, "%s %s", sections[i].img_code, sections[i].file);
+		if (len < 0 || len > SIG_SIZE) {
+			perror("Array out of Index\n");
+			free(buf);
+			close(fd);
+			return 1;
+		}
 		if (write(fd, buf, len) != len) {
 			perror("write");
+			free(buf);
 			close(fd);
 			printf("%s Image authentication failed\n", buf);
 			return 1;
 		}
 	}
 	close(fd);
+	free(buf);
 	return 0;
 }