git.baikalelectronics.ru Git - uboot.git/commit
fit: Don't allow verification of images with @ nodes
author Simon Glass <sjg@chromium.org>
Tue, 16 Feb 2021 00:08:06 +0000 (17:08 -0700)
committer Tom Rini <trini@konsulko.com>
Tue, 16 Feb 2021 00:17:25 +0000 (19:17 -0500)
commit 5dd06765216d86ed9cbfdc4174a2a9d4a4e8eed7
tree fbaa2047d6a09d349e0ad78faaf75d6ffc3aff00
parent 92c1d2867c045ab87c340b62bd6f8e3149a34408

When searching for a node called 'fred', any unit address appended to the
name is ignored by libfdt, meaning that 'fred' can match 'fred@1'. This
means that we cannot be sure that the node originally intended is the one
that is used.

Disallow use of nodes with unit addresses.

Update the forge test also, since it uses @ addresses.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
common/image-fit-sig.c
common/image-fit.c
test/py/tests/test_fit.py
test/py/tests/vboot_forge.py
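
The name-matching ambiguity described in the commit message, with a rejection check in the spirit of "Disallow use of nodes with unit addresses", as an added example (not code from this commit or from libfdt). The functions `nodename_eq`, `lookup_loose` and `select_for_verify`, the error codes and the sample node names are all constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical error codes for this example only. */
enum { ERR_NOT_FOUND = -1, ERR_UNIT_ADDR = -2 };

/* Constructed sample: child node names in tree order. */
static const char *const sample_images[] = { "kernel@1", "kernel", "fdt@1" };
static const char *const clean_images[] = { "kernel", "fdt" };

/* Models the matching rule from the commit message: a search name
 * without '@' also matches a node that carries a unit address. */
static int nodename_eq(const char *node, const char *want)
{
	size_t len = strlen(want);

	if (strncmp(node, want, len) != 0)
		return 0;
	if (node[len] == '\0')
		return 1;
	return !strchr(want, '@') && node[len] == '@';
}

/* First node that matches under the loose rule, or ERR_NOT_FOUND. */
int lookup_loose(const char *const *names, size_t n, const char *want)
{
	size_t i;

	for (i = 0; i < n; i++)
		if (nodename_eq(names[i], want))
			return (int)i;
	return ERR_NOT_FOUND;
}

/* Refuse to verify a node whose actual name carries a unit address. */
int select_for_verify(const char *const *names, size_t n, const char *want)
{
	int idx = lookup_loose(names, n, want);

	if (idx >= 0 && strchr(names[idx], '@'))
		return ERR_UNIT_ADDR;
	return idx;
}

int main(void)
{
	printf("loose lookup of 'kernel' -> %s\n",
	       sample_images[lookup_loose(sample_images, 3, "kernel")]);
	printf("verify select -> %d\n", select_for_verify(sample_images, 3, "kernel"));
	return 0;
}
```

With the sample tree, the loose lookup for `kernel` lands on `kernel@1`, so the check refuses it; the tree without unit addresses resolves unambiguously.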