2626#include "wolfboot/wolfboot.h"
2727#include "image.h"
2828
29+ #ifdef UNIT_TEST
30+ # define unit_dbg printf
31+ #else
32+ # define unit_dbg (...) do{}while(0)
33+ #endif
34+
2935#if defined(EXT_ENCRYPTED )
3036 #if defined(__WOLFBOOT )
3137 #include "encrypt.h"
@@ -342,11 +348,15 @@ uint16_t wolfBoot_find_header(uint8_t *haystack, uint16_t type, uint8_t **ptr)
342348{
343349 uint8_t * p = haystack ;
344350 uint16_t len ;
345- const uint8_t * max_p = (haystack - IMAGE_HEADER_OFFSET ) + IMAGE_HEADER_SIZE ;
346-
351+ const volatile uint8_t * max_p = (haystack - IMAGE_HEADER_OFFSET ) + IMAGE_HEADER_SIZE ;
352+ * ptr = NULL ;
353+ if (p > max_p ) {
354+ unit_dbg ("Illegal address (too high)\n" );
355+ return 0 ;
356+ }
347357 while ((p + 4 ) < max_p ) {
348358 if ((p [0 ] == 0 ) && (p [1 ] == 0 )) {
349- /* Explicit end of options reached */
359+ unit_dbg ( " Explicit end of options reached\n" );
350360 break ;
351361 }
352362 if (* p == HDR_PADDING ) {
@@ -360,8 +370,12 @@ uint16_t wolfBoot_find_header(uint8_t *haystack, uint16_t type, uint8_t **ptr)
360370 continue ;
361371 }
362372 len = p [2 ] | (p [3 ] << 8 );
373+ if ((4 + len ) > (IMAGE_HEADER_SIZE - IMAGE_HEADER_OFFSET )) {
374+ unit_dbg ("This field is too large (bigger than the space available in the current header)\n" );
375+ break ;
376+ }
363377 if (p + 4 + len > max_p ) {
364- /* This field is too large and would overflow the image header */
378+ unit_dbg ( " This field is too large and would overflow the image header\n" );
365379 break ;
366380 }
367381 if ((p [0 ] | (p [1 ] << 8 )) == type ) {
@@ -370,7 +384,6 @@ uint16_t wolfBoot_find_header(uint8_t *haystack, uint16_t type, uint8_t **ptr)
370384 }
371385 p += 4 + len ;
372386 }
373- * ptr = NULL ;
374387 return 0 ;
375388}
376389
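Review bot: The overflow check at new line 377 still forms the pointer `p + 4 + len` before comparing it with `max_p`, so an out-of-range pointer is computed first and only then rejected; the new check at 373 narrows `len` to the header size but does not remove that. Because the loop condition already guarantees `p + 4 < max_p`, the same test can be written on the remaining span without ever forming the pointer: `if (len > (size_t)(max_p - p) - 4) {`, keeping the 373 check as a coarse sanity bound on the encoded length. Separately, `max_p` at new line 351 is now `const volatile` with no comment explaining why a never-written local is volatile; if the intent is to stop the compiler from folding or merging the bounds comparisons (presumably a fault-injection hardening measure), a one-line comment such as `/* volatile: keep each bounds comparison as a distinct runtime check */` would make that deliberate for the next reader. wolfBoot_find_header begins and ends outside this hunk.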