diff options
author | Randall Spangler <rspangler@chromium.org> | 2011-03-25 15:20:58 -0700 |
---|---|---|
committer | Randall Spangler <rspangler@chromium.org> | 2011-03-25 15:20:58 -0700 |
commit | ac7c2d9e303aec95ab80fba6d70790ca1c7b0e85 (patch) | |
tree | 01bdbfbe51b4d60bd2fde61364331b12ced3104e | |
parent | d583a30a7c3bd369f82c0428666c7a708d5341d5 (diff) | |
download | vboot-ac7c2d9e303aec95ab80fba6d70790ca1c7b0e85.tar.gz |
Fix not checking hashed data size
R=wfrichar@chromium.org,gauravsh@chromium.org
BUG=chrome-os-partner:2909
TEST=make && make runtests
Review URL: http://codereview.chromium.org/6748009
Change-Id: I3251aa6e6dd62ff4351fdf33ca9182b19a29cbbf
-rw-r--r-- | firmware/lib/vboot_common.c | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c index 28d016ea..ce01e961 100644 --- a/firmware/lib/vboot_common.c +++ b/firmware/lib/vboot_common.c @@ -216,6 +216,12 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size, return VBOOT_KEY_BLOCK_INVALID; } + /* Make sure advertised signature data sizes are sane. */ + if (block->key_block_size < sig->data_size) { + VBDEBUG(("Signature calculated past end of the block\n")); + return VBOOT_KEY_BLOCK_INVALID; + } + VBDEBUG(("Checking key block hash only...\n")); header_checksum = DigestBuf((const uint8_t*)block, sig->data_size, SHA512_DIGEST_ALGORITHM); @@ -249,6 +255,7 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size, VBDEBUG(("Signature calculated past end of the block\n")); return VBOOT_KEY_BLOCK_INVALID; } + VBDEBUG(("Checking key block signature...\n")); rv = VerifyData((const uint8_t*)block, size, sig, rsa); RSAPublicKeyFree(rsa); |