[U-Boot] [U-Boot, 2/2] fdt_region: Ensure that depth never goes below -1

Tom Rini trini at konsulko.com
Sat Nov 17 14:08:30 UTC 2018


On Wed, Nov 07, 2018 at 02:51:46PM -0500, Tom Rini wrote:

> From: Konrad Beckmann <konrad.beckmann at gmail.com>
> 
> A specially crafted FIT image makes it possible to overflow the stack
> with controlled values when using the verified boot feature. Depending
> on the memory layout, this could be used to overwrite configuration
> variables on the heap and set them to 0, e.g. to disable signature
> verification, thus bypassing it.
> 
> This change fixes a bug in fdt_find_regions where the fdt structure is
> parsed. A lower value than -1 of depth can lead to a buffer underflow
> write on the stack.
> 
> Signed-off-by: Konrad Beckmann <konrad.beckmann at gmail.com>
> Reviewed-by: Simon Glass <sjg at chromium.org>

Applied to u-boot/master, thanks!

-- 
Tom
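
The class of check the commit message describes, as an added example that is not part of this mail, the patch, or U-Boot's fdt_find_regions: a simplified walker that saves one state byte per nesting level and refuses an end-of-node token when no node is open, so depth never drops below -1. The token kinds, MAX_DEPTH, the error codes and walk_tokens are hypothetical names, and the two sample streams are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed token kinds for a simplified structure stream (not libfdt's tags). */
enum tok { T_BEGIN_NODE, T_END_NODE, T_PROP, T_END };

#define MAX_DEPTH 4             /* hypothetical size of the per-level stack */
#define ERR_BADSTRUCTURE (-1)   /* end-of-node with no open node */
#define ERR_TOO_DEEP     (-2)   /* nesting exceeds the stack */
#define ERR_TRUNCATED    (-3)   /* no T_END, or T_END inside an open node */

/* depth starts at -1 (outside any node). Returns the node count or an error. */
int walk_tokens(const enum tok *toks, size_t n)
{
    char stack[MAX_DEPTH], want = 0;
    int depth = -1, nodes = 0;

    for (size_t i = 0; i < n; i++) {
        switch (toks[i]) {
        case T_BEGIN_NODE:
            if (depth + 1 >= MAX_DEPTH)
                return ERR_TOO_DEEP;      /* upper bound on stack[] */
            stack[++depth] = want;        /* save the parent's state */
            want = 1;
            nodes++;
            break;
        case T_END_NODE:
            if (depth < 0)
                return ERR_BADSTRUCTURE;  /* lower bound: nothing to close */
            want = stack[depth--];        /* restore the parent's state */
            break;
        case T_PROP:
            break;
        case T_END:
            return depth == -1 ? nodes : ERR_TRUNCATED;
        }
    }
    return ERR_TRUNCATED;
}

/* Constructed inputs: a balanced stream and one with a stray end-of-node. */
static const enum tok balanced[] = { T_BEGIN_NODE, T_PROP, T_BEGIN_NODE,
                                     T_END_NODE, T_END_NODE, T_END };
static const enum tok stray_end[] = { T_BEGIN_NODE, T_END_NODE, T_END_NODE,
                                      T_BEGIN_NODE, T_END_NODE, T_END };

int main(void)
{
    printf("%d %d\n", walk_tokens(balanced, 6), walk_tokens(stray_end, 6));
}
```

Without the `depth < 0` test, the stray end-of-node in the second stream would leave depth at -2, and the following begin-node would store to `stack[-1]`.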