author | Sascha Hauer <s.hauer@pengutronix.de> | 2021-06-24 10:52:08 +0200 |
---|---|---|
committer | Sascha Hauer <s.hauer@pengutronix.de> | 2021-06-25 09:27:07 +0200 |
commit | 8d21690fa82bbc29cc34005103a2eda63eafabf3 (patch) | |
tree | d8ce8f5ed7cf851e1938b3cd96e0ae4860467f3b /arch | |
parent | 3b93bcd8db01bbe49249b59b0581b3ba375cb96b (diff) | |
fdt: Check blob size during unflattening
of_unflatten_dtb() doesn't check the size of the device tree blob
passed to it. Add a size argument and add checks for the size. Some
callers have no idea of the buffer size themselves, INT_MAX is passed
in these cases.
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Link: https://lore.barebox.org/20210624085223.14616-4-s.hauer@pengutronix.de
Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Diffstat (limited to 'arch')
-rw-r--r-- | arch/arm/boards/qemu-virt/board.c | 4 | ||||
-rw-r--r-- | arch/arm/boards/raspberry-pi/rpi-common.c | 2 | ||||
-rw-r--r-- | arch/arm/boards/webasto-ccbv2/board.c | 2 | ||||
-rw-r--r-- | arch/arm/lib32/bootm.c | 2 |
4 files changed, 5 insertions, 5 deletions
diff --git a/arch/arm/boards/qemu-virt/board.c b/arch/arm/boards/qemu-virt/board.c
index 5ce1ecfc24..b2a3cb29ab 100644
--- a/arch/arm/boards/qemu-virt/board.c
+++ b/arch/arm/boards/qemu-virt/board.c
@@ -31,14 +31,14 @@ static int replace_dtb(void) {
 return 0;
 }
- root = of_unflatten_dtb(fdt);
+ root = of_unflatten_dtb(fdt, INT_MAX);
 if (!of_device_is_compatible(root, "linux,dummy-virt")) {
 of_delete_node(root);
 return 0;
 }
- overlay = of_unflatten_dtb(__dtb_overlay_of_flash_start);
+ overlay = of_unflatten_dtb(__dtb_overlay_of_flash_start, INT_MAX);
 of_overlay_apply_tree(root, overlay);
 return barebox_register_of(root);
diff --git a/arch/arm/boards/raspberry-pi/rpi-common.c b/arch/arm/boards/raspberry-pi/rpi-common.c
index e326732b3a..6c5df6fd69 100644
--- a/arch/arm/boards/raspberry-pi/rpi-common.c
+++ b/arch/arm/boards/raspberry-pi/rpi-common.c
@@ -430,7 +430,7 @@ static int rpi_vc_fdt_bootargs(void *fdt)
 struct device_node *root = NULL, *node;
 const char *cmdline;
- root = of_unflatten_dtb(fdt);
+ root = of_unflatten_dtb(fdt, INT_MAX);
 if (IS_ERR(root)) {
 ret = PTR_ERR(root);
 root = NULL;
diff --git a/arch/arm/boards/webasto-ccbv2/board.c b/arch/arm/boards/webasto-ccbv2/board.c
index a78258ea6a..477771309e 100644
--- a/arch/arm/boards/webasto-ccbv2/board.c
+++ b/arch/arm/boards/webasto-ccbv2/board.c
@@ -28,7 +28,7 @@ static int ccbv2_probe(struct device_d *dev)
 return 0;
 fdt = (void*)OPTEE_OVERLAY_LOCATION;
- overlay = of_unflatten_dtb(fdt);
+ overlay = of_unflatten_dtb(fdt, INT_MAX);
 if (IS_ERR(overlay))
 return PTR_ERR(overlay);
diff --git a/arch/arm/lib32/bootm.c b/arch/arm/lib32/bootm.c
index 28a645a9d0..0ffb374cf1 100644
--- a/arch/arm/lib32/bootm.c
+++ b/arch/arm/lib32/bootm.c
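Review bot: In the qemu-virt hunk the result of `of_unflatten_dtb(fdt, INT_MAX)` goes straight into of_device_is_compatible() with no IS_ERR() test, and `overlay` is likewise handed to of_overlay_apply_tree() unchecked. The rpi-common.c and webasto-ccbv2 call sites in this commit both test IS_ERR() on the return value, so a rejected blob presumably comes back as an error pointer here as well. I would add `if (IS_ERR(root)) return PTR_ERR(root);` after the first call and an equivalent guard after the second, releasing `root` with of_delete_node() on that path. replace_dtb() starts above the hunk, so the origin of `fdt` is not visible here.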
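Review bot: Passing `INT_MAX` in rpi_vc_fdt_bootargs() leaves the new size check without an effective bound, and judging by the function name this blob is handed over by firmware rather than built into barebox. The same holds for both qemu-virt calls above and for the webasto-ccbv2 call, which parses whatever sits at the fixed address OPTEE_OVERLAY_LOCATION. Where the board knows the size of the region holding the blob, that size should be passed instead. Where it really does not, a comment at the call such as `/* size unknown: blob comes from firmware, no bound is enforced */` keeps the gap visible to the next reader.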
@@ -421,7 +421,7 @@ static int do_bootz_linux_fdt(int fd, struct image_data *data, void **outfdt)
 if (IS_BUILTIN(CONFIG_OFTREE)) {
 struct device_node *root;
- root = of_unflatten_dtb(oftree);
+ root = of_unflatten_dtb(oftree, header->totalsize);
 if (IS_ERR(root)) {
 pr_err("unable to unflatten devicetree\n");
 goto err_free; |
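Review bot: `header->totalsize` is passed as the bound with no byte-order conversion visible. Flattened device tree header fields are stored big-endian, so if `header` still points at the raw header read from the file, a little-endian ARM build would pass a byte-swapped value and the check could reject valid blobs or accept far too much; `be32_to_cpu(header->totalsize)` would be the usual form. The bound is also the blob's own claim about its size rather than the number of bytes actually read into `oftree`, so it only helps if the read was already validated against the same value. The declaration of `header` and the read itself lie outside this hunk, so both points need checking against the full function.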