[PATCH] libfdt: Check for multiple/invalid root nodes
author Simon Glass <sjg@chromium.org>
Tue, 16 Feb 2021 00:08:11 +0000 (17:08 -0700)
committer Daniel Leidert <dleidert@debian.org>
Sun, 29 Jun 2025 00:33:57 +0000 (02:33 +0200)
commit 4cb4b9fea3e1824643542a4ffea9e29524dd7fb7
tree fa5058aada08970c31bd65ed472a0fcf43c9a4da
parent 7aca3f15e1ff9c4e4083c5d522209fe840c46423

It is possible to construct a devicetree blob with multiple root nodes.
Update fdt_check_full() to check for this, along with a root node with an
invalid name.

CVE-2021-27097

Signed-off-by: Simon Glass <sjg@chromium.org>
Reported-by: Bruce Monroe <bruce.monroe@intel.com>
Reported-by: Arie Haenel <arie.haenel@intel.com>
Reported-by: Julien Lenoir <julien.lenoir@intel.com>

The test part has not been patched. It would require these patches as well:
https://github.com/u-boot/u-boot/commit/fafafacb470b345f2f41b86e4633ef91a7c5ed23
https://github.com/u-boot/u-boot/commit/d5f3aadacbc63df3b690d6fd9f0aa3f575b43356

Reviewed-By: Daniel Leidert <dleidert@debian.org>
Origin: https://github.com/u-boot/u-boot/commit/124c255731c76a2b09587378b2bcce561bcd3f2d
Bug: https://github.com/advisories/GHSA-3w66-96j7-fmcp
Bug-Debian: https://bugs.debian.org/983270
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2021-27097
Bug-Freexian-Security: https://deb.freexian.com/extended-lts/tracker/CVE-2021-27097

Gbp-Pq: Name CVE-2021-27097-4.patch
scripts/dtc/libfdt/fdt_ro.c
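
The check the commit message describes (exactly one root node, and that node has an empty name), sketched as an added example that is neither the patch nor libfdt code. `check_single_root` and its return codes are hypothetical, and it walks a raw structure block rather than a full blob with its header.

```c
#include <stdint.h>
#include <string.h>

/* Structure-block tokens defined by the devicetree specification. */
enum { T_BEGIN_NODE = 1, T_END_NODE = 2, T_PROP = 3, T_NOP = 4, T_END = 9 };

static uint32_t be32(const uint8_t *p)   /* read one big-endian cell */
{
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Hypothetical helper, not a libfdt function. 0: exactly one root node with
 * an empty name; -1: malformed; -2: root has a name; -3: second root node. */
int check_single_root(const uint8_t *s, size_t len)
{
    size_t off = 0, n;
    int depth = 0, roots = 0;
    const uint8_t *nul;
    while (off <= len && len - off >= 4) {
        off += 4;                        /* step past the token cell */
        switch (be32(s + off - 4)) {
        case T_BEGIN_NODE:
            if (!(nul = memchr(s + off, 0, len - off)))
                return -1;               /* name not NUL-terminated */
            n = (size_t)(nul - (s + off));
            if (depth == 0 && roots++)
                return -3;               /* a second node at depth 0 */
            if (depth == 0 && n != 0)
                return -2;               /* root name must be "" */
            off += (n + 4) & ~(size_t)3; /* name + NUL, padded to 4 bytes */
            depth++;
            break;
        case T_END_NODE:
            if (depth-- == 0)
                return -1;               /* END_NODE without BEGIN_NODE */
            break;
        case T_PROP:                     /* cells: value length, name offset */
            if (len - off < 8 || (n = be32(s + off)) > len - off - 8)
                return -1;
            off += 8 + ((n + 3) & ~(size_t)3);
            break;
        case T_NOP:
            break;
        case T_END:
            return (depth == 0 && roots == 1) ? 0 : -1;
        default:
            return -1;
        }
    }
    return -1;                           /* ran out of data before END */
}
```

A structure block holding an unnamed root followed by a second top-level node returns -3, and one whose first node carries a name returns -2.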