Chromium Code Reviews

Unified Diff: utility/vbutil_keyblock.c

Issue 3594010: Address some security concerns in the cgpt tool. (Closed) Base URL: http://git.chromium.org/git/vboot_reference.git
Patch Set: A little more cleanup. Take one more look, please. Created 10 years, 2 months ago
Index: utility/vbutil_keyblock.c
diff --git a/utility/vbutil_keyblock.c b/utility/vbutil_keyblock.c
index dd13eb3df0482ff2866ed9e688ba129dfc26cb1b..ff1b44be456bc08c40d3c29e2d4d9a838c611845 100644
--- a/utility/vbutil_keyblock.c
+++ b/utility/vbutil_keyblock.c
@@ -127,7 +127,12 @@ static int Unpack(const char* infile, const char* datapubkey,
/* If the block is signed, then verify it with the signing public key, since
KeyBlockRead() only verified the hash. */
- if (block->key_block_signature.sig_size && signpubkey) {
+ if (block->key_block_signature.sig_size) {
+ if (!signpubkey) {
+ fprintf(stderr,
+ "vbutil_keyblock: keyblock requires public key to verify\n");
+ return 1;
+ }
sign_key = PublicKeyRead(signpubkey);
if (!sign_key) {
fprintf(stderr, "vbutil_keyblock: Error reading signpubkey.\n");
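Review bot: The new outer test `if (block->key_block_signature.sig_size)` still lets a block with sig_size of 0 skip signature verification even when the caller passed signpubkey, and sig_size comes from the file being checked. As the comment above it says, KeyBlockRead() only verified the hash, so a caller who supplied a signing key gets no error for an unsigned block. Consider failing when signpubkey is set and sig_size is 0, so that supplying the key always means "must verify". The new error text "keyblock requires public key to verify" would also be easier to act on if it named the option that supplies the key.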
@@ -137,12 +142,16 @@ static int Unpack(const char* infile, const char* datapubkey,
fprintf(stderr, "vbutil_keyblock: Error verifying key block.\n");
return 1;
}
+ printf("Signature algorithm: %" PRIu64 " %s\n", sign_key->algorithm,
+ (sign_key->algorithm < kNumAlgorithms ?
+ algo_strings[sign_key->algorithm] : "(invalid)"));
Free(sign_key);
+ } else {
+ printf("Signature Algorithm: <none>\n");
}
printf("Key block file: %s\n", infile);
- printf("Signature %s\n", sign_key ? "valid" : "ignored");
- printf("Flags: %" PRIu64 " ", block->key_block_flags);
+ printf("Flags: %" PRIu64 "\n", block->key_block_flags);
if (block->key_block_flags & KEY_BLOCK_FLAG_DEVELOPER_0)
printf(" !DEV");
if (block->key_block_flags & KEY_BLOCK_FLAG_DEVELOPER_1)
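Review bot: With `printf("Signature %s\n", sign_key ? "valid" : "ignored");` removed, the output no longer states whether the signature was checked; in the else branch a reader has to infer from "Signature Algorithm: <none>" that only the hash was verified. An explicit status line for both branches would keep that visible to people and scripts reading the output. The two labels also differ in case ("Signature algorithm:" versus "Signature Algorithm:"), and both now print before "Key block file:". Separately, "Flags:" now ends with "\n" while the flag names that follow are still printed with a leading space (`printf(" !DEV");`), so they land on their own line; please confirm that layout is intended.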