[fdt] Allow for parsing device trees where the length is known in advance

Allow for parsing device trees where an external factor (such as a downloaded image length) determines the maximum length, which must be validated against the length within the device tree header. Signed-off-by: Michael Brown <mcb30@ipxe.org>
2026-02-06 13:19:28 +03:00 · 2025-03-28 14:08:18 +00:00
parent 2399c79980
commit 3860313dd5
4 changed files with 20 additions and 4 deletions
--- a/src/core/fdt.c
+++ b/src/core/fdt.c
@@ -82,7 +82,7 @@ static int fdt_traverse ( struct fdt *fdt,
 	size_t len;

 	/* Sanity checks */
-	assert ( pos->offset < fdt->len );
+	assert ( pos->offset <= fdt->len );
 	assert ( ( pos->offset & ( FDT_STRUCTURE_ALIGN - 1 ) ) == 0 );

 	/* Clear descriptor */
@@ -453,14 +453,28 @@ int fdt_mac ( struct fdt *fdt, unsigned int offset,
 *
 * @v fdt		Device tree
 * @v hdr		Device tree header
+ * @v max_len		Maximum device tree length
 * @ret rc		Return status code
 */
-int fdt_parse ( struct fdt *fdt, const struct fdt_header *hdr ) {
+int fdt_parse ( struct fdt *fdt, const struct fdt_header *hdr,
+		size_t max_len ) {
 	const uint8_t *end;

+	/* Sanity check */
+	if ( sizeof ( fdt ) > max_len ) {
+		DBGC ( fdt, "FDT length %#zx too short for header\n",
+		       max_len );
+		goto err;
+	}
+
 	/* Record device tree location */
 	fdt->hdr = hdr;
 	fdt->len = be32_to_cpu ( hdr->totalsize );
+	if ( fdt->len > max_len ) {
+		DBGC ( fdt, "FDT has invalid length %#zx / %#zx\n",
+		       fdt->len, max_len );
+		goto err;
+	}
 	DBGC ( fdt, "FDT version %d at %p+%#04zx\n",
 	       be32_to_cpu ( hdr->version ), fdt->hdr, fdt->len );