The root node is supposed to have an empty name, but at present this is
not checked. The behaviour of such a tree is not well defined. Most
software rightly assumes that the root node is at offset 0 and does not
check the name. This oddity was discovered as part of a security
investigation into U-Boot verified boot.
Add a check for this to fdt_check_full().
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
Message-Id: <20210323010410.3222701-2-sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
At present it is possible to have two root nodes and even access nodes
in the 'second' root. Such trees should not be considered valid. This
was discovered as part of a security investigation into U-Boot verified
boot.
Add a check for this to fdt_check_full().
Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>
Message-Id: <20210323000926.3210733-1-sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
fdt_check_header assumes that its argument points to a complete header
and can read data beyond the FDT_V1_SIZE bytes which fdt_check_full
can provide.
fdt_header_size can safely return a header size with FDT_V1_SIZE bytes
available and will return a usable value even for a corrupted header.
Signed-off-by: Patrick Oppenlander <patrick.oppenlander@gmail.com>
Message-Id: <20200709041451.338548-1-patrick.oppenlander@gmail.com>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
This function is used to perform a full check of the device tree. Allow
it to be excluded if all assumptions are enabled.
Signed-off-by: Simon Glass <sjg@chromium.org>
Reviewed-by: David Gibson <david@gibson.dropbear.id.au>
Message-Id: <20200220214557.176528-9-sjg@chromium.org>
Signed-off-by: David Gibson <david@gibson.dropbear.id.au>
