author | Simon Glass <sjg@chromium.org> | 2021-03-23 13:09:25 +1300 |
---|---|---|
committer | David Gibson <david@gibson.dropbear.id.au> | 2021-03-23 11:56:34 +1100 |
commit | 4ca61f84dc210ae78376d992c1ce6ebe40ecb5be (patch) | |
tree | d47d78dce4d89983fee8c2b7d6e664bab4e317f7 /libfdt | |
parent | 34d708249a91e0d4b89f29e7b52b21b213ce7c54 (diff) | |
libfdt: Check that there is only one root node
At present it is possible to have two root nodes and even access nodes
in the 'second' root. Such trees should not be considered valid. This
was discovered as part of a security investigation into U-Boot verified
boot.
Add a check for this to fdt_check_full().
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
Message-Id: <20210323000926.3210733-1-sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
Diffstat (limited to 'libfdt')
-rw-r--r-- | libfdt/fdt_check.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/libfdt/fdt_check.c b/libfdt/fdt_check.c
index 9ddfdbf..13595a2 100644
--- a/libfdt/fdt_check.c
+++ b/libfdt/fdt_check.c
@@ -19,6 +19,7 @@ int fdt_check_full(const void *fdt, size_t bufsize)
 unsigned int depth = 0;
 const void *prop;
 const char *propname;
+ bool expect_end = false;
 
 if (bufsize < FDT_V1_SIZE)
 return -FDT_ERR_TRUNCATED;
@@ -41,6 +42,10 @@ int fdt_check_full(const void *fdt, size_t bufsize)
 if (nextoffset < 0)
 return nextoffset;
 
+ /* If we see two root nodes, something is wrong */
+ if (expect_end && tag != FDT_END)
+ return -FDT_ERR_BADSTRUCTURE;
+
 switch (tag) {
 case FDT_NOP:
 break;
@@ -60,6 +65,8 @@ int fdt_check_full(const void *fdt, size_t bufsize)
 if (depth == 0)
 return -FDT_ERR_BADSTRUCTURE;
 depth--;
+ if (depth == 0)
+ expect_end = true;
 break;
 
 case FDT_PROP:
|
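Review bot: The guard added before `switch (tag)` in the second hunk rejects every tag except FDT_END once the root node has closed, and that includes FDT_NOP; if trailing NOP tags after the root are still meant to be accepted, the condition would need to be `if (expect_end && tag != FDT_END && tag != FDT_NOP)`. The comment also undersells the check, since it fires on any stray tag after the root and not only on a second FDT_BEGIN_NODE; `/* Once the root node has closed, only FDT_END may follow */` describes it better, and the `expect_end = true;` assignment in the third hunk deserves a matching one-line comment. Because the check lives only in fdt_check_full(), code that parses an untrusted blob without calling it first presumably still accepts such trees, so that caller contract is worth stating in the function's documentation. The body of fdt_check_full() starts and ends outside these hunks.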