commit a14e102f0543cafb30bf87d62c7be3513f0deab0
author Avinash Pandey <avinasv@codeaurora.org> Fri Mar 09 12:16:45 2018 +0530
committer Avinash Pandey <avinasv@codeaurora.org> Tue Mar 20 13:07:36 2018 +0530
tree 0aa9772f939d54f2ae2b623cf25fe2a9e10d9620
parent 900f4e4d7d84a241b72d14c638d1d1a2ab078033

Sysupgrade: Fixing kw issues for buffer overflow.

Kw issues occurred with below message:
 "Array 'buf'of size 256 may use index value(s) -2..0".
In order to fix this issue, error message will be
returned with array index out of index if buffer
size isless than 0 or if it increases buffer size.

Change-Id: I5a7885b0ee2fd6e9c0ac3083b28366f1ae5ceaee
Signed-off-by: Avinash Pandey <avinasv@codeaurora.org>

tools/sysupgrade.c

diff --git a/tools/sysupgrade.c b/tools/sysupgrade.c
index 35b01a9..82dece4 100644
--- a/tools/sysupgrade.c
+++ b/tools/sysupgrade.c
@@ -1427,28 +1427,41 @@
 int sec_image_auth()
 {
 	int fd, i, len;
-	char buf[256];
+	char *buf = NULL;
 
 	fd = open(SEC_AUTHENTICATE_FILE, O_RDWR);
 	if (-1 == fd) {
 		perror(SEC_AUTHENTICATE_FILE);
 		return 1;
 	}
-
+	buf = (char*)malloc(SIG_SIZE);
+	if (buf == NULL) {
+		perror("Memory allocation failed\n");
+		close(fd);
+		return 1;
+	}
 	for (i = 0; i < NO_OF_SECTIONS; i++) {
 		if (!sections[i].is_present) {
 			continue;
 		}
 
-		len = snprintf(buf, sizeof(buf), "%s %s", sections[i].img_code, sections[i].file);
+		len = snprintf(buf, SIG_SIZE, "%s %s", sections[i].img_code, sections[i].file);
+		if (len < 0 || len > SIG_SIZE) {
+			perror("Array out of Index\n");
+			free(buf);
+			close(fd);
+			return 1;
+		}
 		if (write(fd, buf, len) != len) {
 			perror("write");
+			free(buf);
 			close(fd);
 			printf("%s Image authentication failed\n", buf);
 			return 1;
 		}
 	}
 	close(fd);
+	free(buf);
 	return 0;
 }