diff options
Diffstat (limited to 'meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch')
-rw-r--r-- | meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch new file mode 100644 index 000000000..5f82abeda --- /dev/null +++ b/meta-openbmc-mods/meta-ast2600/recipes-bsp/u-boot/files/CVE-2020-10648/0003-image-Return-an-error-message-from-fit_config_verify.patch @@ -0,0 +1,39 @@ +From 2fa27334977ba688f17edb6b66c8eb355d4a53a5 Mon Sep 17 00:00:00 2001 +From: Simon Glass <sjg@chromium.org> +Date: Tue, 31 Mar 2020 18:43:55 +0200 +Subject: [PATCH] image: Return an error message from fit_config_verify_sig() + +This function only returns an error message sometimes. Update it to always +return an error message if one is available. This makes it easier to see +what went wrong. + +Signed-off-by: Simon Glass <sjg@chromium.org> +Signed-off-by: Jae Hyun Yoo <jae.hyun.yoo@linux.intel.com> +--- + common/image-sig.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/common/image-sig.c b/common/image-sig.c +index 4f6b4ec412c3..48c89f930276 100644 +--- a/common/image-sig.c ++++ b/common/image-sig.c +@@ -470,13 +470,14 @@ static int fit_config_verify_sig(const void *fit, int conf_noffset, + goto error; + } + +- return verified ? 0 : -EPERM; ++ if (verified) ++ return 0; + + error: + printf(" error!\n%s for '%s' hash node in '%s' config node\n", + err_msg, fit_get_name(fit, noffset, NULL), + fit_get_name(fit, conf_noffset, NULL)); +- return -1; ++ return -EPERM; + } + + int fit_config_verify_required_sigs(const void *fit, int conf_noffset, +-- +2.17.1 + |