tools: mkimage: Use fstat instead of stat to avoid malicious hacks

[u-boot] / tools / zynqimage.c

diff --git a/tools/zynqimage.c b/tools/zynqimage.c
index 43876e7a302499fed65ac33ef0afdbc09f2376b9..b47132b02a60f4441bcf1205213da6a08324163f 100644 (file)
--- a/tools/zynqimage.c
+++ b/tools/zynqimage.c
@@ -225,16 +225,26 @@ static int zynqimage_check_image_types(uint8_t type)
 static void zynqimage_parse_initparams(struct zynq_header *zynqhdr,
        const char *filename)
 {
-       /* Expect a table of register-value pairs, e.g. "0x12345678 0x4321" */
-       FILE *fp = fopen(filename, "r");
+       FILE *fp;
        struct zynq_reginit reginit;
        unsigned int reg_count = 0;
-       int r;
+       int r, err;
+       struct stat path_stat;
 
+       /* Expect a table of register-value pairs, e.g. "0x12345678 0x4321" */
+       fp = fopen(filename, "r");
        if (!fp) {
                fprintf(stderr, "Cannot open initparams file: %s\n", filename);
                exit(1);
        }
+
+       err = fstat(fileno(fp), &path_stat);
+       if (err)
+               return;
+
+       if (!S_ISREG(path_stat.st_mode))
+               return;
+
        do {
                r = fscanf(fp, "%x %x", &reginit.address, &reginit.data);
                if (r == 2) {