
16 Feb 2021, 4:35 a.m.
On Mon, Feb 15, 2021 at 05:08:06PM -0700, Simon Glass wrote:
When searching for a node called 'fred', any unit address appended to the name is ignored by libfdt, meaning that 'fred' can match 'fred@1'. This means that we cannot be sure that the node originally intended is the one that is used.
Disallow use of nodes with unit addresses.
Update the forge test also, since it uses @ addresses.
CVE-2021-27138
Signed-off-by: Simon Glass sjg@chromium.org
Reported-by: Bruce Monroe bruce.monroe@intel.com
Reported-by: Arie Haenel arie.haenel@intel.com
Reported-by: Julien Lenoir julien.lenoir@intel.com
Applied to u-boot/master, thanks!
--
Tom
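
The name ambiguity described in the quoted commit message, as an added example that is not part of the original thread or of U-Boot's or libfdt's code: a simplified C model of the matching rule, next to a lookup that refuses nodes with unit addresses. The function names, return codes and sample node list are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Simplified model of the matching rule the commit message describes (not
 * libfdt source): a wanted name without '@' also matches "name@unit". */
static int nodename_eq(const char *node, const char *want)
{
    size_t len = strlen(want);

    if (strncmp(node, want, len) != 0)
        return 0;
    if (node[len] == '\0')
        return 1;                          /* exact match */
    return !strchr(want, '@') && node[len] == '@';
}

/* Index of the first node that matches, or -1 if none does. */
static int find_node(const char *const *nodes, size_t n, const char *want)
{
    for (size_t i = 0; i < n; i++)
        if (nodename_eq(nodes[i], want))
            return (int)i;
    return -1;
}

/* Hypothetical strict lookup: -2 if the matched node carries a unit address,
 * so an '@' node can never stand in for the one the caller named. */
static int find_node_strict(const char *const *nodes, size_t n, const char *want)
{
    int i = find_node(nodes, n, want);

    if (i >= 0 && strchr(nodes[i], '@'))
        return -2;
    return i;
}

/* Constructed sample: two sibling nodes that both answer to "fred". */
static const char *const sample_nodes[] = { "fred@1", "fred" };

int main(void)
{
    printf("loose:  %d\n", find_node(sample_nodes, 2, "fred"));
    printf("strict: %d\n", find_node_strict(sample_nodes, 2, "fred"));
    return 0;
}
```

With the constructed list, the loose lookup for 'fred' lands on 'fred@1' rather than the node actually named 'fred', while the strict lookup reports an error instead of returning it.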