fit: Don't allow verification of images with @ nodes
author Simon Glass <sjg@chromium.org>
Tue, 16 Feb 2021 00:08:06 +0000 (17:08 -0700)
committer Tom Rini <trini@konsulko.com>
Tue, 16 Feb 2021 00:17:25 +0000 (19:17 -0500)
commit 79af75f7776fc20b0d7eb6afe1e27c00fdb4b9b4
tree fbaa2047d6a09d349e0ad78faaf75d6ffc3aff00
parent 8a7d4cf9820ea16fabd25a6379351b4dc291204b
fit: Don't allow verification of images with @ nodes

When searching for a node called 'fred', any unit address appended to the
name is ignored by libfdt, meaning that 'fred' can match 'fred@1'. This
means that we cannot be sure that the node originally intended is the one
that is used.

Disallow use of nodes with unit addresses.

Update the forge test also, since it uses @ addresses.

CVE-2021-27138

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
common/image-fit-sig.c
common/image-fit.c
test/py/tests/test_fit.py
test/py/tests/vboot_forge.py
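
The name-matching ambiguity described in the commit message, as an added example that is not code from U-Boot or libfdt: a simplified model of the lookup rule, plus a guard of the kind the commit calls for. The function names and the sibling lists are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the lookup rule from the commit message (not libfdt
 * source): a wanted name without '@' matches a node with the same name or
 * with that name followed by a unit address. */
static int nodename_matches(const char *node, const char *wanted)
{
	size_t len = strlen(wanted);

	if (strncmp(node, wanted, len) != 0)
		return 0;
	if (node[len] == '\0')
		return 1;
	return node[len] == '@' && strchr(wanted, '@') == NULL;
}

/* Index of the first sibling whose name matches, or -1 if none does. */
static int find_subnode(const char *const *names, int count, const char *wanted)
{
	for (int i = 0; i < count; i++)
		if (nodename_matches(names[i], wanted))
			return i;
	return -1;
}

/* Hypothetical guard: only names without a unit address may be verified. */
static int find_verifiable(const char *const *names, int count, const char *wanted)
{
	int i = find_subnode(names, count, wanted);

	if (i < 0 || strchr(names[i], '@') != NULL)
		return -1;
	return i;
}

/* Constructed sibling lists, in tree order. */
static const char *const ambiguous[] = { "kernel@1", "kernel", "fdt-1" };
static const char *const plain[] = { "kernel", "fdt-1" };

int main(void)
{
	printf("plain lookup in ambiguous tree -> %s\n",
	       ambiguous[find_subnode(ambiguous, 3, "kernel")]);
	printf("guarded lookup in ambiguous tree -> %d\n",
	       find_verifiable(ambiguous, 3, "kernel"));
	printf("guarded lookup in plain tree -> %s\n",
	       plain[find_verifiable(plain, 2, "kernel")]);
	return 0;
}
```

In the ambiguous list the unguarded lookup for `kernel` resolves to `kernel@1`, which is why the guarded lookup refuses the result instead of verifying it.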