[U-Boot] [U-Boot, 1/2] image-sig: Ensure that hashed-nodes is null-terminated

Tom Rini trini at konsulko.com
Sat Nov 17 14:08:24 UTC 2018


On Wed, Nov 07, 2018 at 02:51:45PM -0500, Tom Rini wrote:

> From: Konrad Beckmann <konrad.beckmann at gmail.com>
> 
> A specially crafted FIT image leads to memory corruption in the stack
> when using the verified boot feature. The function fit_config_check_sig
> has a logic error that makes it possible to write past the end of the
> stack allocated array node_inc. This could potentially be used to bypass
> the signature check when using verified boot.
> 
> This change ensures that the number of strings is correct when counted.
> 
> Signed-off-by: Konrad Beckmann <konrad.beckmann at gmail.com>
> Reviewed-by: Simon Glass <sjg at chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.denx.de/pipermail/u-boot/attachments/20181117/b460938b/attachment.sig>


More information about the U-Boot mailing list