image-sig: Ensure that hashed-nodes is null-terminated
A specially crafted FIT image leads to memory corruption in the stack when using the verified boot feature. The function fit_config_check_sig has a logic error that makes it possible to write past the end of the stack allocated array node_inc. This could potentially be used to bypass the signature check when using verified boot.

This change ensures that the number of strings is correct when counted.

Signed-off-by: Konrad Beckmann <konrad.beckmann@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
parent ad5fbc6e88
commit f1c85688ab
@ -334,6 +334,11 @@ int fit_config_check_sig(const void *fit, int noffset, int required_keynode,
return -1;
}
if (prop && prop_len > 0 && prop[prop_len - 1] != '\0') {
*err_msgp = "hashed-nodes property must be null-terminated";
return -1;
}
/* Add a sanity check here since we are using the stack */
if (count > IMAGE_MAX_HASHED_NODES) {
*err_msgp = "Number of hashed nodes exceeds maximum";
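
Review bot: the new guard `if (prop && prop_len > 0 && prop[prop_len - 1] != '\0')` is skipped whenever prop is NULL or prop_len is not positive, so a missing or empty hashed-nodes property is rejected only if the earlier `return -1` path above it already covers that case; please confirm that it does, or reject those inputs explicitly here, so the stack bound below never depends on a count taken from a property that was not validated. The check also lacks a comment, unlike the "Add a sanity check here since we are using the stack" block that follows it. A one-line comment stating that an unterminated final string makes the counted number of strings wrong (the reason given in the commit message) would explain why it must run before `count > IMAGE_MAX_HASHED_NODES`. A regression test that feeds a FIT whose hashed-nodes property lacks the trailing NUL and expects the "hashed-nodes property must be null-terminated" error would keep this from silently regressing.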