[PATCH v4] image-fit-sig: Validate hashed-strings region size
Tom Rini
trini at konsulko.com
Sat Jun 13 20:04:32 CEST 2026
On Tue, Jun 02, 2026 at 07:29:25PM +0100, Anton Ivanov wrote:
> fit_config_check_sig() reads the hashed-strings property and uses
> its size value without validation when building the region list for
> signature verification. A crafted FIT image can specify an arbitrary
> size, causing the hash calculation to read beyond the end of the FIT
> image. The property length is also not checked, so a truncated
> hashed-strings property causes strings[1] to be read past the end of
> the property. This may result in the out-of-bounds read during signature
> verification of an untrusted FIT.
>
> Validate both the property length and that the declared strings region
> fits within bounds before adding it to the region list.
>
> Signed-off-by: Anton Ivanov <anton at binarly.io>
Applied to u-boot/next, thanks!
--
Tom
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 228 bytes
Desc: not available
URL: <https://lists.denx.de/pipermail/u-boot/attachments/20260613/a48cc380/attachment.sig>
More information about the U-Boot
mailing list