Mirrors/u-boot
2
0
Fork 0
mirror of https://github.com/AsahiLinux/u-boot synced 2024-09-21 15:12:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

image-sig: Ensure that hashed-nodes is null-terminated

Browse source 
A specially crafted FIT image leads to memory corruption in the stack
when using the verified boot feature. The function fit_config_check_sig
has a logic error that makes it possible to write past the end of the
stack allocated array node_inc. This could potentially be used to bypass
the signature check when using verified boot.

This change ensures that the number of strings is correct when counted.

Signed-off-by: Konrad Beckmann <konrad.beckmann@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
This commit is contained in:
Konrad Beckmann 2018-11-07 14:51:45 -05:00 committed by Tom Rini
parent ad5fbc6e88
commit f1c85688ab
1 changed files with 5 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
common/image-sig.c
View file

@ -334,6 +334,11 @@ int fit_config_check_sig(const void *fit, int noffset, int required_keynode,
return -1;
}
if (prop && prop_len > 0 && prop[prop_len - 1] != '\0') {
*err_msgp = "hashed-nodes property must be null-terminated";
return -1;
}
/* Add a sanity check here since we are using the stack */
if (count > IMAGE_MAX_HASHED_NODES) {
*err_msgp = "Number of hashed nodes exceeds maximum";