fdt_region: Ensure that depth never goes below -1
authorKonrad Beckmann <konrad.beckmann@gmail.com>
Wed, 7 Nov 2018 19:51:46 +0000 (14:51 -0500)
committerTom Rini <trini@konsulko.com>
Fri, 16 Nov 2018 21:52:01 +0000 (16:52 -0500)
commit21ebf2adde3e0d2fb0b6e9d63bd62a6b2f4c30a1
treecd0af77dfc2b34ebf26977b11dc2d7fdf7654502
parentf1c85688ab13f154ebe1b1480def233a22e7f66b
fdt_region: Ensure that depth never goes below -1

A specially crafted FIT image makes it possible to overflow the stack
with controlled values when using the verified boot feature. Depending
on the memory layout, this could be used to overwrite configuration
variables on the heap and setting them to 0, e.g. disable signature
verification, thus bypassing it.

This change fixes a bug in fdt_find_regions where the fdt structure is
parsed. A lower value than -1 of depth can lead to a buffer underflow
write on the stack.

Signed-off-by: Konrad Beckmann <konrad.beckmann@gmail.com>
Reviewed-by: Simon Glass <sjg@chromium.org>
lib/libfdt/fdt_region.c