diff options
Diffstat (limited to 'meta/recipes-bsp/u-boot/files/CVE-2020-10648-2.patch')
-rw-r--r-- | meta/recipes-bsp/u-boot/files/CVE-2020-10648-2.patch | 52 |
1 files changed, 52 insertions, 0 deletions
diff --git a/meta/recipes-bsp/u-boot/files/CVE-2020-10648-2.patch b/meta/recipes-bsp/u-boot/files/CVE-2020-10648-2.patch new file mode 100644 index 0000000000..023f7eac0a --- /dev/null +++ b/meta/recipes-bsp/u-boot/files/CVE-2020-10648-2.patch @@ -0,0 +1,52 @@ +From 8a9d03732e6d0f68107c80919096e7cf956dcb3d Mon Sep 17 00:00:00 2001 +From: Simon Glass <sjg@chromium.org> +Date: Wed, 18 Mar 2020 11:44:02 -0600 +Subject: [PATCH] image: Load the correct configuration in fit_check_sign + +At present bootm_host_load_images() is passed the configuration that has +been verified, but ignores it and just uses the default configuration. +This may not be the same. + +Update this function to use the selected configuration. + +Signed-off-by: Simon Glass <sjg@chromium.org> + +CVE: CVE-2020-10648 +Upstream-Status: Backport[https://github.com/u-boot/u-boot/commit/8a9d03732e6d0f68107c80919096e7cf956dcb3d] +Signed-off-by: Scott Murray <scott.murray@konsulko.com> + +--- + common/bootm.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/common/bootm.c b/common/bootm.c +index 902c13880d..db4362a643 100644 +--- a/common/bootm.c ++++ b/common/bootm.c +@@ -819,7 +819,8 @@ void __weak switch_to_non_secure_mode(void) + #else /* USE_HOSTCC */ + + #if defined(CONFIG_FIT_SIGNATURE) +-static int bootm_host_load_image(const void *fit, int req_image_type) ++static int bootm_host_load_image(const void *fit, int req_image_type, ++ int cfg_noffset) + { + const char *fit_uname_config = NULL; + ulong data, len; +@@ -831,6 +832,7 @@ static int bootm_host_load_image(const void *fit, int req_image_type) + void *load_buf; + int ret; + ++ fit_uname_config = fdt_get_name(fit, cfg_noffset, NULL); + memset(&images, '\0', sizeof(images)); + images.verify = 1; + noffset = fit_image_load(&images, (ulong)fit, +@@ -878,7 +880,7 @@ int bootm_host_load_images(const void *fit, int cfg_noffset) + for (i = 0; i < ARRAY_SIZE(image_types); i++) { + int ret; + +- ret = bootm_host_load_image(fit, image_types[i]); ++ ret = bootm_host_load_image(fit, image_types[i], cfg_noffset); + if (!err && ret && ret != -ENOENT) + err = ret; + } |