Commit ebe0f53f authored 8 years ago by Michal Simek Committed by Tom Rini 8 years ago

tools: mkimage: Use fstat instead of stat to avoid malicious hacks


The patch is fixing:
"tools: mkimage: Check if file is regular file"
(sha1: 56c7e801)
which contains two issues reported by Coverity
Unchecked return value from stat and incorrect calling sequence where
attack can happen between calling stat and fopen.
Using pair in opposite order (fopen and fstat) is fixing this issue
because fstat is using the same file descriptor (FILE *).

Also fixing issue with:
"tools: mkimage: Add support for initialization table for Zynq and
ZynqMP" (sha1: 3b646080)
where file wasn't checked that it is regular file.

Reported-by: Coverity (CID: 154711, 154712)
Signed-off-by: Michal Simek <michal.simek@xilinx.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

parent 963ed6f3

No related branches found

No related tags found

No related merge requests found

Hide whitespace changes

Inline Side-by-side

Showing with 22 additions and 8 deletions

Please register or to comment