Add additional checks for size greater than header size.

Change-Id: Iea64e3df795d1f9299117cbd161b203295211629

R=wfrichar@chromium.org,gauravsh@chromium.org
BUG=chrome-os-partner:2908
TEST=make && make runtests

Review URL: http://codereview.chromium.org/6745027

1 files changed, 12 insertions, 0 deletions

diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c
index ce01e961..d9838c41 100644
--- a/firmware/lib/vboot_common.c
+++ b/firmware/lib/vboot_common.c
@@ -178,6 +178,10 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
   const VbSignature* sig;
 
   /* Sanity checks before attempting signature of data */
+  if(size < sizeof(VbKeyBlockHeader)) {
+    VBDEBUG(("Not enough space for key block header.\n"));
+    return VBOOT_KEY_BLOCK_INVALID;
+  }
   if (SafeMemcmp(block->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE)) {
     VBDEBUG(("Not a valid verified boot key block.\n"));
     return VBOOT_KEY_BLOCK_INVALID;
@@ -292,6 +296,10 @@ int VerifyFirmwarePreamble(const VbFirmwarePreambleHeader* preamble,
   const VbSignature* sig = &preamble->preamble_signature;
 
   /* Sanity checks before attempting signature of data */
+  if(size < sizeof(VbFirmwarePreambleHeader)) {
+    VBDEBUG(("Not enough data for preamble header.\n"));
+    return VBOOT_PREAMBLE_INVALID;
+  }
   if (preamble->header_version_major !=
       FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR) {
     VBDEBUG(("Incompatible firmware preamble header version.\n"));
@@ -350,6 +358,10 @@ int VerifyKernelPreamble(const VbKernelPreambleHeader* preamble,
   const VbSignature* sig = &preamble->preamble_signature;
 
   /* Sanity checks before attempting signature of data */
+  if(size < sizeof(VbKernelPreambleHeader)) {
+    VBDEBUG(("Not enough data for preamble header.\n"));
+    return VBOOT_PREAMBLE_INVALID;
+  }
   if (preamble->header_version_major != KERNEL_PREAMBLE_HEADER_VERSION_MAJOR) {
     VBDEBUG(("Incompatible kernel preamble header version.\n"));
     return VBOOT_PREAMBLE_INVALID;