[PATCH] ARM: compressed: validate memory node device_type strings

[Pengpeng Hou]

fdt_check_mem_start() walks memory nodes in the compressed-kernel early
FDT and fetches device_type directly with fdt_getprop() before
immediately comparing it with strcmp(). Raw FDT properties are external
boot input, and this path does not prove that device_type is
NUL-terminated within its declared bounds.

Use fdt_stringlist_get() so malformed unterminated device_type
properties are rejected before they are used as C strings.

Signed-off-by: Pengpeng Hou <pengpeng at iscas.ac.cn>
---
 arch/arm/boot/compressed/fdt_check_mem_start.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/arch/arm/boot/compressed/fdt_check_mem_start.c b/arch/arm/boot/compressed/fdt_check_mem_start.c
index aa856567fd33..7c433ef33bcb 100644
--- a/arch/arm/boot/compressed/fdt_check_mem_start.c
+++ b/arch/arm/boot/compressed/fdt_check_mem_start.c
@@ -106,7 +106,7 @@ uint32_t fdt_check_mem_start(uint32_t mem_start, const void *fdt)
 	/* Walk all memory nodes and regions */
 	for (offset = fdt_next_node(fdt, -1, NULL); offset >= 0;
 	     offset = fdt_next_node(fdt, offset, NULL)) {
-		type = fdt_getprop(fdt, offset, "device_type", NULL);
+		type = fdt_stringlist_get(fdt, offset, "device_type", 0, NULL);
 		if (!type || strcmp(type, "memory"))
 			continue;
 
-- 
2.50.1 (Apple Git-155)