Djam/u-boot
1
0
Fork 0
mirror of https://github.com/u-boot/u-boot.git synced 2025-05-08 10:39:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

libfdt: Check for multiple/invalid root nodes

Browse source 
It is possible to construct a devicetree blob with multiple root nodes.
Update fdt_check_full() to check for this, along with a root node with an
invalid name.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
This commit is contained in:
Simon Glass 2021-02-15 17:08:11 -07:00 committed by Tom Rini
parent 6f3c2d8aa5
commit 124c255731
2 changed files with 19 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
test/py/tests/test_vboot.py
View file

@ -255,7 +255,8 @@ def test_vboot(u_boot_console, sha_algo, padding, sign_options, required,
util.run_and_log_expect_exception(
cons, [fit_check_sign, '-f', efit, '-k', dtb],
1, 'Failed to verify required signature')
run_bootm(sha_algo, 'evil fakeroot', 'Bad Data Hash', False, efit)
run_bootm(sha_algo, 'evil fakeroot', 'Bad FIT kernel image format',
False, efit)
# Try adding an @ to the kernel node name. This should be detected.
efit = '%stest.evilk.fit' % tmpdir