[U-Boot] [PATCH 2/2] fdt_region: Ensure that depth never goes below -1

Simon Glass sjg at chromium.org
Tue Nov 13 19:54:05 UTC 2018


On 7 November 2018 at 11:51, Tom Rini <trini at konsulko.com> wrote:
> From: Konrad Beckmann <konrad.beckmann at gmail.com>
>
> A specially crafted FIT image makes it possible to overflow the stack
> with controlled values when using the verified boot feature. Depending
> on the memory layout, this could be used to overwrite configuration
> variables on the heap and set them to 0, e.g. disabling signature
> verification, thus bypassing it.
>
> This change fixes a bug in fdt_find_regions where the fdt structure is
> parsed. A lower value than -1 of depth can lead to a buffer underflow
> write on the stack.
>
> Signed-off-by: Konrad Beckmann <konrad.beckmann at gmail.com>
> ---
>  lib/libfdt/fdt_region.c | 3 +++
>  1 file changed, 3 insertions(+)
>

Reviewed-by: Simon Glass <sjg at chromium.org>
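The depth check the commit message describes, as an added, constructed C model that is not U-Boot's fdt_region.c: a tag walker keeps per-level state in a fixed array on the stack indexed by depth, and rejects a stream whose END_NODE tags would drive depth below -1 before that index is ever used. The tag values follow the FDT spec; MAX_DEPTH, the return codes and the sample streams are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Tag values match the FDT spec (FDT_BEGIN_NODE, FDT_END_NODE, FDT_END),
 * but this walker is a constructed simplification, not fdt_region.c. */
#define TAG_BEGIN_NODE 1u
#define TAG_END_NODE   2u
#define TAG_END        9u

#define MAX_DEPTH 8              /* size of the per-level state kept on the stack */
#define WALK_BADSTRUCTURE (-1)   /* constructed error code, like FDT_ERR_BADSTRUCTURE */

/* Walk a tag stream tracking nesting depth as the commit message describes:
 * depth starts at -1 (outside the root node), BEGIN_NODE increments it and
 * END_NODE decrements it, with per-level state indexed by depth in a fixed
 * array on the stack. Returns the summed tag span of all nodes on success,
 * or WALK_BADSTRUCTURE for an unbalanced, too-deep or unterminated stream. */
int walk_tags(const uint32_t *tags, size_t ntags)
{
    int depth = -1;
    size_t begin_at[MAX_DEPTH];  /* index of the BEGIN_NODE tag at each depth */
    int span = 0;

    for (size_t i = 0; i < ntags; i++) {
        switch (tags[i]) {
        case TAG_BEGIN_NODE:
            if (depth + 1 >= MAX_DEPTH)
                return WALK_BADSTRUCTURE;    /* would overflow begin_at[] */
            begin_at[++depth] = i;
            break;
        case TAG_END_NODE:
            /* The check the patch adds: an END_NODE while depth is already -1
             * would drive depth to -2 and index begin_at[] below its start. */
            if (depth < 0)
                return WALK_BADSTRUCTURE;
            span += (int)(i - begin_at[depth]);
            depth--;
            break;
        case TAG_END:
            return depth == -1 ? span : WALK_BADSTRUCTURE;
        default:
            break;                           /* PROP and NOP do not change depth */
        }
    }
    return WALK_BADSTRUCTURE;                /* no FDT_END tag */
}

/* Constructed sample streams. */
static const uint32_t good_stream[] = { 1, 1, 2, 2, 9 };     /* root { child {} } */
static const uint32_t unbalanced_stream[] = { 1, 2, 2, 9 };  /* one END_NODE too many */
```

With the check in place the unbalanced stream is rejected before any per-level state is indexed; without it the second END_NODE would read begin_at[-1].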
