u-boot/boot at master - u-boot - gitea@git.xfx1.de

mirrors/u-boot

mirror of https://source.denx.de/u-boot/u-boot.git synced 2026-02-26 18:41:46 +01:00

History

James Hilliard 0b2939464f boot: fit: validate FDT/DTO payload before fdt_open_into()

boot_get_fdt_fit_into_buffer() calls fdt_open_into() for both the
base FDT and overlay DTO blobs loaded from a FIT image.

Those blobs come from FIT payload data. In the overlay path,
fit_image_load() is called with FIT_LOAD_IGNORED, so the IH_TYPE_FLATDT
header check in fit_image_load() is skipped. This leaves fdt_open_into()
to consume header-derived offsets/sizes from unvalidated input.

Validate the full blob against the payload length first with
fdt_check_full(fdtsrcbuf, srclen), then proceed with fdt_totalsize() and
fdt_open_into(). This fixes Coverity CID 644638 (TAINTED_SCALAR).

Fixes: 5ebf0c55a23 ("image: fit: Apply overlays using aligned writable FDT copies")
Link: https://lore.kernel.org/all/20260223195109.GG3233182@bill-the-cat/
Signed-off-by: James Hilliard <james.hilliard1@gmail.com>
Reviewed-by: Tom Rini <trini@konsulko.com>

2026-02-24 10:28:37 -06:00

..

android_ab.c

boot/android_ab.c: Make use of LBAF for printing lbaint_t

2025-07-16 10:56:28 -06:00

boot_fit.c

Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"

2024-05-20 13:35:03 -06:00

bootdev-uclass.c

uclass: Cleanup uclass_find_next_device

2025-07-24 11:49:18 -06:00

bootflow_internal.h

expo: Improve the visual appearance of the menu

2025-05-30 09:49:32 +01:00

bootflow_menu.c

expo: Drop the special theme code for bootflow_menu

2025-05-30 09:49:33 +01:00

bootflow.c

boot: Run global bootmeths after all bootdevs are exhausted

2025-10-22 14:16:56 -06:00

bootm_os.c

bootm: fix boot failure from compressed image for IH_OS_EFI

2026-01-19 10:31:21 +01:00

bootm.c

lmb: replace the lmb_alloc() and lmb_alloc_base() API's

2025-06-25 09:50:37 -06:00

bootmeth_android.c

bootstd: android: Add missing free in android_read_bootflow

2026-01-15 09:26:22 +01:00

bootmeth_android.h

bootstd: Add a bootmeth for Android

2024-07-18 13:51:30 -06:00

bootmeth_cros.c

Revert "Merge patch series "pxe: Precursor series for supporting read_all() in extlinux / PXE""

2025-04-07 16:35:43 -06:00

bootmeth_cros.h

bootstd: cros: Bring in some ChromiumOS structures

2023-08-10 18:34:54 -06:00

bootmeth_efi_mgr.c

boot: Run the EFI bootmgr just before network devices

2025-10-22 14:16:56 -06:00

bootmeth_efi.c

boot: bootmeth_efi: Add extension board devicetree overlay support

2025-11-03 10:02:39 -06:00

bootmeth_extlinux.c

membuf: Rename struct

2025-04-03 16:54:49 -06:00

bootmeth_pxe.c

global: Avoid indirect inclusion of <env.h> from <net.h>

2025-05-29 08:30:25 -06:00

bootmeth_qfw.c

bootmeth: Update the read_file() method to include a type

2025-01-15 08:48:42 -06:00

bootmeth_rauc.c

bootstd: rauc: Fix null pointer access while checking root part

2026-02-16 11:52:01 -06:00

bootmeth_sandbox.c

bootmeth: Update the read_file() method to include a type

2025-01-15 08:48:42 -06:00

bootmeth_script.c

bootstd: make it possible to use tftp for netboot with standardboot

2025-10-24 13:47:50 -06:00

bootmeth-uclass.c

boot: Keep track of which bootmeths have been used

2025-10-22 14:16:56 -06:00

bootretry.c

bootretry: check for bootretry variable changes

2025-04-11 15:28:14 +02:00

bootstd-uclass.c

bootstd: Move the bootflow list into an alist

2025-01-15 08:48:42 -06:00

cedit.c

expo: Drop the render from expo_poll()

2025-05-30 09:49:32 +01:00

common_fit.c

boot/fit: use constants for property strings

2025-12-16 11:39:38 -06:00

expo_build_cb.c

x86: coreboot: Allow building an expo for editing CMOS config

2024-11-03 21:27:12 -06:00

expo_build.c

expo: Drop scene_title_set()

2024-10-18 14:10:22 -06:00

expo.c

expo: Drop the render from expo_poll()

2025-05-30 09:49:32 +01:00

extension-uclass.c

boot: extension: Move overlay apply custom logic to command level

2025-11-03 10:02:39 -06:00

fdt_region.c

doc: replace @return by Return:

2022-01-19 18:11:34 +01:00

fdt_simplefb.c

boot: fdt_simplefb: Remove conditional compilation checks for VIDEO Kconfig

2024-10-22 19:54:08 +02:00

fdt_support.c

boot/bootfdt: Add smbios3-entrypoint to FDT for non-EFI boots

2025-12-02 16:34:27 -06:00

image-android-dt.c

global: Use CONFIG_XPL_BUILD instead of CONFIG_SPL_BUILD

2024-10-11 11:44:48 -06:00

image-android.c

boot: android: Add bootconfig support

2026-01-15 14:00:24 +01:00

image-board.c

lmb: replace the lmb_alloc() and lmb_alloc_base() API's

2025-06-25 09:50:37 -06:00

image-cipher.c

Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"

2024-05-20 13:35:03 -06:00

image-fdt.c

boot: Warn users about fdt_high=~0 usage

2025-12-27 09:40:35 -06:00

image-fit-sig.c

image-fit-sig: skip in tools build if key is missing

2025-04-10 20:55:53 -06:00

image-fit.c

boot: fit: validate FDT/DTO payload before fdt_open_into()

2026-02-24 10:28:37 -06:00

image-host.c

Create a new boot/ directory

2021-11-11 19:01:56 -05:00

image-pre-load.c

global: Add <linux/string.h> instead of long indirect include path

2025-05-29 08:29:16 -06:00

image-sig.c

Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"

2024-05-20 13:35:03 -06:00

image.c

tools: mkimage: Add Amlogic Boot Image type

2025-12-11 11:44:41 +01:00

Kconfig

fit: Rework SPL_LOAD_FIT_ADDRESS slightly

2026-01-27 16:19:11 -06:00

Makefile

boot: Remove legacy extension board support

2025-11-03 10:02:39 -06:00

prog_boot.c

bootstd: Introduce programmatic boot

2023-12-13 11:51:24 -05:00

pxe_utils.c

cmd: pxe_utils: fix syntax error in comments

2026-02-16 11:52:01 -06:00

scene_internal.h

expo: Add forward declarations to scene_internal.h

2025-05-30 09:49:32 +01:00

scene_menu.c

boot: menu: Do not dereference pointer if pointer is NULL

2025-07-08 18:15:20 -06:00

scene_textedit.c

expo: Begin implementation of a text editor

2025-05-30 09:49:32 +01:00

scene_textline.c

expo: Create a struct for generic text attributes

2025-05-30 09:49:32 +01:00

scene.c

expo: Provide a way to position things relative to display

2025-05-30 09:49:32 +01:00

upl_common.c

upl: Add support for reading a upl handoff

2024-08-09 16:03:19 -06:00

upl_common.h

upl: Add support for reading a upl handoff

2024-08-09 16:03:19 -06:00

upl_read.c

upl: fix parsing of DT property

2024-11-14 18:14:06 -06:00

upl_write.c

upl: Fix buf array size

2025-11-22 08:48:13 -06:00

vbe_abrec_fw.c

vbe: Add an implementation of VBE-ABrec

2025-02-03 16:01:36 -06:00

vbe_abrec.c

vbe: Add an implementation of VBE-ABrec

2025-02-03 16:01:36 -06:00

vbe_abrec.h

vbe: Add an implementation of VBE-ABrec

2025-02-03 16:01:36 -06:00

vbe_common.c

vbe: Add an implementation of VBE-ABrec

2025-02-03 16:01:36 -06:00

vbe_common.h

vbe: Add an implementation of VBE-ABrec

2025-02-03 16:01:36 -06:00

vbe_request.c

Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"

2024-05-20 13:35:03 -06:00

vbe_simple_fw.c

vbe: Update simple-fw to support using the SPL loader

2025-01-22 09:47:50 -06:00

vbe_simple_os.c

Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"

2024-05-20 13:35:03 -06:00

vbe_simple.c

Merge patch series "vbe: Series part F"

2025-01-22 11:21:58 -06:00

vbe_simple.h

vbe: Start a common header file

2025-01-22 09:47:49 -06:00

vbe.c

Restore patch series "arm: dts: am62-beagleplay: Fix Beagleplay Ethernet"

2024-05-20 13:35:03 -06:00