From eb14a8b55208c1a7320035af045e38ecd6f5458a Mon Sep 17 00:00:00 2001
From: Russell King <rmk@armlinux.org.uk>
Date: Thu, 29 Mar 2018 22:01:01 +0100
Subject: ARM: Ensure kernel size tag is sized appropriately

Ensure that the kernel size tag is an appropriate size before using
the information contained within it.

Signed-off-by: Russell King <rmk@armlinux.org.uk>
---
 kexec/arch/arm/kexec-zImage-arm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/kexec/arch/arm/kexec-zImage-arm.c b/kexec/arch/arm/kexec-zImage-arm.c
index 2a7eea9..2a77e57 100644
--- a/kexec/arch/arm/kexec-zImage-arm.c
+++ b/kexec/arch/arm/kexec-zImage-arm.c
@@ -567,7 +567,7 @@ int zImage_arm_load(int argc, char **argv, const char *buf, off_t len,
 	 * overwritten.
 	 */
 	tag = find_extension_tag(buf, len, ZIMAGE_TAG_KRNL_SIZE);
-	if (tag) {
+	if (tag && tag->hdr.size >= 2) {
 		uint32_t *p = (void *)buf + le32_to_cpu(tag->u.krnl_size.size_ptr);
 		uint32_t edata_size = le32_to_cpu(get_unaligned(p));
 		uint32_t bss_size = le32_to_cpu(tag->u.krnl_size.bss_size);
-- 
cgit