Skip to content

Commit

Permalink
cbfs: fix scanning for file entries
Browse files Browse the repository at this point in the history 
the bound checks do not apply to header entries.
  • Loading branch information
@dhewg
dhewg committed Feb 7, 2018
1 parent bcd38b9 commit 290df6f
Show file tree
Hide file tree
Showing 2 changed files with 8 additions and 4 deletions.
11 changes: 7 additions & 4 deletions fs/cbfs/cbfs.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,10 +97,13 @@ static int file_cbfs_next_file(u8 *start, u32 size, u32 align,
}

swap_file_header(&header, fileHeader);
if (header.offset < sizeof(struct cbfs_fileheader) ||
header.offset > header.len) {
file_cbfs_result = CBFS_BAD_FILE;
return -1;
if (header.type != CBFS_COMPONENT_CBFSHEADER) {
newNode->type = header.type;
if (header.offset < sizeof(struct cbfs_fileheader) ||
header.offset > header.len) {
file_cbfs_result = CBFS_BAD_FILE;
return -1;
}
}
newNode->next = NULL;
newNode->type = header.type;
Expand Down
1 change: 1 addition & 0 deletions include/cbfs.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -19,6 +19,7 @@ enum cbfs_result {
};

enum cbfs_filetype {
CBFS_COMPONENT_CBFSHEADER = 0x02,
CBFS_TYPE_STAGE = 0x10,
CBFS_TYPE_PAYLOAD = 0x20,
CBFS_TYPE_OPTIONROM = 0x30,
Expand Down

0 comments on commit 290df6f

Please sign in to comment.