Merge patch series "spl: fix error handling in spl_fit_get_image_name()"
Heinrich Schuchardt <heinrich.schuchardt@canonical.com> says:
spl_fit_get_image_name() used to lack a detection of malformed image name
properties in FIT images. The change in commit 3704b888a4ca ("common/spl:
fix potential out of buffer access in spl_fit_get_image_name function")
tried to fix this but led to function spl_fit_get_image_name() no longer
detecting if a property at index > 1 does not exist.
This patch is reverted.
An explicit check for malformed image name properties is introduced.
Link: https://lore.kernel.org/u-boot/38f5d078-3328-4bdb-9c95-4fb5fe89ddc2@gmx.de/T/#u
Link: https://lore.kernel.org/r/20250624153431.46986-1-heinrich.schuchardt@canonical.com
diff --git a/common/spl/spl_fit.c b/common/spl/spl_fit.c
index b3824af..25f3c82 100644
--- a/common/spl/spl_fit.c
+++ b/common/spl/spl_fit.c
@@ -73,7 +73,7 @@
const char **outname)
{
struct udevice *sysinfo;
- const char *name, *str;
+ const char *name, *str, *end;
__maybe_unused int node;
int len, i;
bool found = true;
@@ -83,15 +83,20 @@
debug("cannot find property '%s': %d\n", type, len);
return -EINVAL;
}
+ /* A string property should be NUL terminated */
+ end = name + len - 1;
+ if (!len || *end) {
+ debug("malformed property '%s'\n", type);
+ return -EINVAL;
+ }
str = name;
for (i = 0; i < index; i++) {
- str = memchr(str, '\0', name + len - str);
- if (!str) {
+ str = strchr(str, '\0') + 1;
+ if (str > end) {
found = false;
break;
}
- str++;
}
if (!found && CONFIG_IS_ENABLED(SYSINFO) && !sysinfo_get(&sysinfo)) {