diff options
Diffstat (limited to 'poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-1.patch')
-rw-r--r-- | poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-1.patch | 71 |
1 files changed, 0 insertions, 71 deletions
diff --git a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-1.patch b/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-1.patch deleted file mode 100644 index 98ec2c709..000000000 --- a/poky/meta/recipes-bsp/u-boot/files/CVE-2021-27097-1.patch +++ /dev/null @@ -1,71 +0,0 @@ -From 8a7d4cf9820ea16fabd25a6379351b4dc291204b Mon Sep 17 00:00:00 2001 -From: Simon Glass <sjg@chromium.org> -Date: Mon, 15 Feb 2021 17:08:05 -0700 -Subject: [PATCH] fdt_region: Check for a single root node of the correct name - -At present fdt_find_regions() assumes that the FIT is a valid devicetree. -If the FIT has two root nodes this is currently not detected in this -function, nor does libfdt's fdt_check_full() notice. Also it is possible -for the root node to have a name even though it should not. - -Add checks for these and return -FDT_ERR_BADSTRUCTURE if a problem is -detected. - -CVE-2021-27097 - -Signed-off-by: Simon Glass <sjg@chromium.org> -Reported-by: Bruce Monroe <bruce.monroe@intel.com> -Reported-by: Arie Haenel <arie.haenel@intel.com> -Reported-by: Julien Lenoir <julien.lenoir@intel.com> - -CVE: CVE-2021-27097 -Upstream-Status: Backport[https://github.com/u-boot/u-boot/commit/8a7d4cf9820ea16fabd25a6379351b4dc291204b] -Signed-off-by: Scott Murray <scott.murray@konsulko.com> - ---- - common/fdt_region.c | 11 +++++++++++ - 1 file changed, 11 insertions(+) - -diff --git a/common/fdt_region.c b/common/fdt_region.c -index ff12c518e9..e4ef0ca770 100644 ---- a/common/fdt_region.c -+++ b/common/fdt_region.c -@@ -43,6 +43,7 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count, - int depth = -1; - int want = 0; - int base = fdt_off_dt_struct(fdt); -+ bool expect_end = false; - - end = path; - *end = '\0'; -@@ -59,6 +60,10 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count, - tag = fdt_next_tag(fdt, offset, &nextoffset); - stop_at = nextoffset; - -+ /* If we see two root nodes, something is wrong */ -+ if (expect_end && tag != FDT_END) -+ return -FDT_ERR_BADLAYOUT; -+ - switch (tag) { - case FDT_PROP: - include = want >= 2; -@@ -81,6 +86,10 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count, - if (depth == FDT_MAX_DEPTH) - return -FDT_ERR_BADSTRUCTURE; - name = fdt_get_name(fdt, offset, &len); -+ -+ /* The root node must have an empty name */ -+ if (!depth && *name) -+ return -FDT_ERR_BADLAYOUT; - if (end - path + 2 + len >= path_len) - return -FDT_ERR_NOSPACE; - if (end != path + 1) -@@ -108,6 +117,8 @@ int fdt_find_regions(const void *fdt, char * const inc[], int inc_count, - while (end > path && *--end != '/') - ; - *end = '\0'; -+ if (depth == -1) -+ expect_end = true; - break; - - case FDT_END: |