From 14ed2b842f61cfc234a274c5f626d7d8f81e7aa9 Mon Sep 17 00:00:00 2001
From: Stewart Smith <stewart@linux.vnet.ibm.com>
Date: Tue, 17 Nov 2015 16:57:40 +1100
Subject: libfdt: add basic sanity check to fdt_open_into

Signed-off-by: Stewart Smith <stewart@linux.vnet.ibm.com>
---
 libfdt/fdt_rw.c | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'libfdt')

diff --git a/libfdt/fdt_rw.c b/libfdt/fdt_rw.c
index 994037bb..befe87dc 100644
--- a/libfdt/fdt_rw.c
+++ b/libfdt/fdt_rw.c
@@ -425,6 +425,10 @@ int fdt_open_into(const void *fdt, void *buf, int bufsize)
 	newsize = FDT_ALIGN(sizeof(struct fdt_header), 8) + mem_rsv_size
 		+ struct_size + fdt_size_dt_strings(fdt);
 
+	/* basic sanity check */
+	if (struct_size > bufsize)
+		return -FDT_ERR_BADSTRUCTURE;
+
 	if (bufsize < newsize)
 		return -FDT_ERR_NOSPACE;
 
-- 
cgit v1.2.1