Commit 21ebf2ad authored by Konrad Beckmann, committed by Tom Rini

fdt_region: Ensure that depth never goes below -1


A specially crafted FIT image makes it possible to overflow the stack
with controlled values when using the verified boot feature. Depending
on the memory layout, this could be used to overwrite configuration
variables on the heap and setting them to 0, e.g. disable signature
verification, thus bypassing it.

This change fixes a bug in fdt_find_regions where the fdt structure is
parsed. A lower value than -1 of depth can lead to a buffer underflow
write on the stack.

Signed-off-by: Konrad Beckmann <konrad.beckmann@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
parent f1c85688
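
The depth invariant described in the commit message, modelled as an added example; it is constructed here and is not U-Boot's fdt_find_regions code or the commit's diff. The token names, MAX_DEPTH, the error value and largest_node_span are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed model of a structure-block walk; names are hypothetical. */
enum tok { TOK_BEGIN_NODE, TOK_END_NODE, TOK_END };

#define MAX_DEPTH 8          /* hypothetical nesting limit */
#define ERR_BADSTRUCTURE 11  /* hypothetical error value */

/* Returns the length in tokens of the largest node, or -ERR_BADSTRUCTURE.
 * Per-level state lives in a stack array indexed by depth, so depth must
 * stay within [-1, MAX_DEPTH - 1] on every input, including hostile ones. */
int largest_node_span(const enum tok *toks, size_t n)
{
    size_t open_at[MAX_DEPTH];
    int depth = -1;              /* -1 means "outside the root node" */
    int best = 0;

    for (size_t i = 0; i < n; i++) {
        switch (toks[i]) {
        case TOK_BEGIN_NODE:
            if (depth + 1 >= MAX_DEPTH)   /* would write past the array */
                return -ERR_BADSTRUCTURE;
            open_at[++depth] = i;
            break;
        case TOK_END_NODE: {
            if (depth < 0)                /* unmatched end: depth would drop below -1 */
                return -ERR_BADSTRUCTURE;
            int span = (int)(i - open_at[depth--]) + 1;
            if (span > best)
                best = span;
            break;
        }
        case TOK_END:
            return depth == -1 ? best : -ERR_BADSTRUCTURE;
        }
    }
    return -ERR_BADSTRUCTURE;             /* stream ended without TOK_END */
}

int main(void)
{
    /* Constructed inputs: one well-formed stream, one with an extra end token. */
    enum tok ok[]  = { TOK_BEGIN_NODE, TOK_BEGIN_NODE, TOK_END_NODE, TOK_END_NODE, TOK_END };
    enum tok bad[] = { TOK_BEGIN_NODE, TOK_END_NODE, TOK_END_NODE, TOK_END };
    printf("well-formed: %d\n", largest_node_span(ok, 5));
    printf("extra end:   %d\n", largest_node_span(bad, 4));
    return 0;
}
```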