[PATCH v5] image-fit: Validate external data offset and size
Simon Glass
sjg at chromium.org
Sat Jun 6 00:08:15 CEST 2026
On 2026-06-04T10:39:50, Anton Ivanov <anton at binarly.io> wrote:
> image-fit: Validate external data offset and size
>
> fit_image_get_data() uses the data-position, data-offset, and
> data-size FIT properties without bounds checking. A crafted FIT
> image can specify values that cause an out-of-bounds read during
> signature verification of an untrusted FIT.
>
> Validate that the external data offset and size are non-negative,
> and that the data region fits within the FIT image bounds.
>
> Signed-off-by: Anton Ivanov <anton at binarly.io>
>
> boot/image-fit.c | 53 +++++++++++++-
> test/py/tests/test_vboot.py | 165 ++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 216 insertions(+), 2 deletions(-)
Reviewed-by: Simon Glass <sjg at chromium.org>
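As an added illustration (not U-Boot's code and not the code of this patch), here is the unchecked computation the commit message describes next to a bounds-checked one, over a simplified model of the three properties it names; the struct layout and function names are assumptions:

```c
#include <stdint.h>
#include <stdbool.h>
#include <stddef.h>

/*
 * Constructed model of the FIT external-data properties (data-position,
 * data-offset, data-size). Hypothetical names; not U-Boot's definitions.
 */
struct fit_ext_data {
	bool has_position;  /* data-position present (absolute offset)  */
	int64_t position;   /* data-position, as read from the FDT      */
	int64_t offset;     /* data-offset, relative to end of the FIT  */
	int64_t size;       /* data-size                                */
};

/* Unchecked: trusts the properties as the vulnerable path does. Returns the
 * start offset into the image; nothing stops it exceeding the image. */
int64_t ext_data_start_unchecked(size_t struct_end, const struct fit_ext_data *p)
{
	if (p->has_position)
		return p->position;
	return (int64_t)((uint64_t)struct_end + (uint64_t)p->offset);
}

/* Checked: negative values are rejected and [start, start + size) must lie
 * within [0, fit_len], using arithmetic that cannot wrap. Returns -1 on
 * rejection, otherwise the validated start offset. */
int64_t ext_data_start_checked(size_t fit_len, size_t struct_end,
			       const struct fit_ext_data *p)
{
	uint64_t start;

	if (p->size < 0)
		return -1;
	if (p->has_position) {
		if (p->position < 0)
			return -1;
		start = (uint64_t)p->position;
	} else {
		if (p->offset < 0 || (uint64_t)p->offset > UINT64_MAX - struct_end)
			return -1;              /* would wrap */
		start = struct_end + (uint64_t)p->offset;
	}
	if (start > fit_len || (uint64_t)p->size > fit_len - start)
		return -1;                      /* region runs past the image */
	return (int64_t)start;
}
```

The caller then reads only when the checked function returns a non-negative start, so the verified region can never extend beyond the buffer holding the FIT.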
More information about the U-Boot mailing list