TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / TF-M / trusted-firmware-m.git / 0dc41d2a7381e2f5469c4cee084e737790037f24^! / . / bl2 / ext / mcuboot / bootutil / src / loader.c
commit0dc41d2a7381e2f5469c4cee084e737790037f24[log] [tgz]
authorDavid Vincze <david.vincze@arm.com>Mon Oct 28 14:56:29 2019 +0100
committerTamas Ban <tamas.ban@arm.com>Mon Dec 16 13:39:25 2019 +0000
tree1b4732dbf31091d6e1486ebdcfb0eaf61d67a1a6
parent2ddc13741bf88f9f5431636f50b81c074d9fe8f1 [diff] [blame]
Boot: Add overflow checks to TLV iterator

Add overflow checks to TLV iterator function. Some of the
overflow checks were lost from certain parts of the code when
the TLV iterator functions were introduced. Use overflow-safe
addition functions instead of the overflow checking functions
and remove these as they were overlapping in functionality.

Change-Id: I3b08ac5f84774cb17150a3c5d1c7a9781241fda6
Signed-off-by: David Vincze <david.vincze@arm.com>

diff --git a/bl2/ext/mcuboot/bootutil/src/loader.c b/bl2/ext/mcuboot/bootutil/src/loader.c
index 9387174..4a08b24 100644
--- a/bl2/ext/mcuboot/bootutil/src/loader.c
+++ b/bl2/ext/mcuboot/bootutil/src/loader.c

@@ -168,29 +168,28 @@
 boot_verify_image_header(struct image_header *hdr)
 {
     uint32_t image_end;
+    uint32_t x;
 
     if (hdr->ih_magic != IMAGE_MAGIC) {
         return BOOT_EBADIMAGE;
     }
 
     /* Check input parameters against integer overflow */
-    if (boot_add_uint32_overflow_check(hdr->ih_hdr_size, hdr->ih_img_size)) {
+    if (!boot_u32_safe_add(&image_end, hdr->ih_hdr_size, hdr->ih_img_size)) {
         return BOOT_EBADIMAGE;
     }
 
-    image_end = hdr->ih_hdr_size + hdr->ih_img_size;
-    if (boot_add_uint32_overflow_check(image_end, hdr->ih_protect_tlv_size)) {
+    if (!boot_u32_safe_add(&x, image_end, hdr->ih_protect_tlv_size)) {
         return BOOT_EBADIMAGE;
     }
 
-
 #if MCUBOOT_RAM_LOADING
     if (!(hdr->ih_flags & IMAGE_F_RAM_LOAD)) {
         return BOOT_EBADIMAGE;
     }
 
     /* Check input parameters against integer overflow */
-    if (boot_add_uint32_overflow_check(image_end, hdr->ih_load_addr)) {
+    if (!boot_u32_safe_add(&x, image_end, hdr->ih_load_addr)) {
         return BOOT_EBADIMAGE;
     }
 #endif
@@ -2538,16 +2537,18 @@
 static int
 boot_verify_ram_loading_address(uint32_t img_dst, uint32_t img_sz)
 {
+    uint32_t img_end_addr;
+
     if (img_dst < IMAGE_EXECUTABLE_RAM_START) {
         return BOOT_EBADIMAGE;
     }
 
-    if (boot_add_uint32_overflow_check(img_dst, img_sz)) {
+    if (!boot_u32_safe_add(&img_end_addr, img_dst, img_sz)) {
         return BOOT_EBADIMAGE;
     }
 
-    if (img_dst + img_sz > IMAGE_EXECUTABLE_RAM_START +
-                           IMAGE_EXECUTABLE_RAM_SIZE) {
+    if (img_end_addr > (IMAGE_EXECUTABLE_RAM_START +
+                        IMAGE_EXECUTABLE_RAM_SIZE)) {
         return BOOT_EBADIMAGE;
     }