Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(218)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: firmware/lib/vboot_common.c

Issue 6748009: Fix not checking hashed data size (Closed) Base URL: ssh://gitrw.chromium.org:9222/vboot_reference.git@master
Patch Set: Created 9 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: firmware/lib/vboot_common.c
diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c
index 28d016ea1110b251f7b5dd8b3bcd392cc4d08cdf..ce01e9618b4c5246f30ff62606ecfed360b3bc98 100644
--- a/firmware/lib/vboot_common.c
+++ b/firmware/lib/vboot_common.c
@@ -216,6 +216,12 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
return VBOOT_KEY_BLOCK_INVALID;
}
+ /* Make sure advertised signature data sizes are sane. */
+ if (block->key_block_size < sig->data_size) {
+ VBDEBUG(("Signature calculated past end of the block\n"));
+ return VBOOT_KEY_BLOCK_INVALID;
+ }
+
VBDEBUG(("Checking key block hash only...\n"));
header_checksum = DigestBuf((const uint8_t*)block, sig->data_size,
SHA512_DIGEST_ALGORITHM);
@@ -249,6 +255,7 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
VBDEBUG(("Signature calculated past end of the block\n"));
return VBOOT_KEY_BLOCK_INVALID;
}
+
VBDEBUG(("Checking key block signature...\n"));
rv = VerifyData((const uint8_t*)block, size, sig, rsa);
RSAPublicKeyFree(rsa);
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698