Boot: Check integer overflow
Validate the input parameters from users, which come
in the image header and image metadata (TLV) section,
to avoid integer overflow.
Change-Id: I1d1a48e8dbda2ced2620aa9fb19fda3bfbd801ab
Signed-off-by: Tamas Ban <tamas.ban@arm.com>
diff --git a/bl2/ext/mcuboot/bootutil/src/bootutil_misc.c b/bl2/ext/mcuboot/bootutil/src/bootutil_misc.c
index 08f2a3c..f83db99 100644
--- a/bl2/ext/mcuboot/bootutil/src/bootutil_misc.c
+++ b/bl2/ext/mcuboot/bootutil/src/bootutil_misc.c
@@ -28,6 +28,7 @@
#include <string.h>
#include <inttypes.h>
#include <stddef.h>
+#include <stdbool.h>
#include "flash_map/flash_map.h"
#include "bootutil/image.h"
@@ -721,3 +722,33 @@
return 0;
}
#endif /* BOOT_IMAGE_NUMBER > 1 */
+
+/**
+ * Checks whether on overflow can happen during a summation operation
+ *
+ * @param a First operand of summation
+ *
+ * @param b Second operand of summation
+ *
+ * @return True in case of overflow, false otherwise
+ */
+bool
+boot_add_uint32_overflow_check(uint32_t a, uint32_t b)
+{
+ return (a > UINT32_MAX - b);
+}
+
+/**
+ * Checks whether on overflow can happen during a summation operation
+ *
+ * @param a First operand of summation
+ *
+ * @param b Second operand of summation
+ *
+ * @return True in case of overflow, false otherwise
+ */
+bool
+boot_add_uint16_overflow_check(uint16_t a, uint16_t b)
+{
+ return (a > UINT16_MAX - b);
+}
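Review bot: Both new doc comments contain the same typo, "Checks whether on overflow can happen during a summation operation", which should read `Checks whether an overflow can happen during a summation operation`; since these helpers are the guard that the header/TLV parsing relies on, the comment should also say what the caller must do with the result, e.g. `Callers must test this before computing a + b; the sum itself is never performed here`. Both functions have external linkage but no declaration is added in this diff, so unless a private header outside this patch declares them, callers in other translation units will hit an implicit-declaration error (or a silent `int` return on older compilers). In boot_add_uint16_overflow_check the subtraction `UINT16_MAX - b` is evaluated in `int` after integer promotion, which is correct but non-obvious; a one-line comment such as `/* evaluated as int after promotion, so no wrap-around in the subtraction */` would save the next reader from re-deriving it.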