[PATCH] lib: rsa: add NULL check for 'algo' in
Anton Moryakov
ant.v.moryakov at gmail.com
Tue Feb 25 14:53:27 CET 2025
- Check return value of fdt_getprop for NULL.
- Return -EFAULT if 'algo' property is missing.
- Prevent NULL pointer dereference in strcmp."
Triggers found by static analyzer Svace.
Signed-off-by: Anton Moryakov <ant.v.moryakov at gmail.com>
---
lib/rsa/rsa-verify.c | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/lib/rsa/rsa-verify.c b/lib/rsa/rsa-verify.c
index d3b4f71d6b..43166b1f24 100644
--- a/lib/rsa/rsa-verify.c
+++ b/lib/rsa/rsa-verify.c
@@ -449,6 +449,11 @@ static int rsa_verify_with_keynode(struct image_sign_info *info,
}
algo = fdt_getprop(blob, node, "algo", NULL);
+ if (!algo) {
+ debug("%s: Missing 'algo' property\n", __func__);
+ return -EFAULT;
+ }
+
if (strcmp(info->name, algo)) {
debug("%s: Wrong algo: have %s, expected %s\n", __func__,
info->name, algo);
--
2.30.2
More information about the U-Boot
mailing list