futility: vb1_helper: Fix sanity size check for parsing kernel partition

vbutil_kernel --verify didn't check if the size of the kernel body fit the file it was in. Now it does. BRANCH=None BUG=None TEST=make runtests Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I9cdfd50bd70b72650cdc0fd62bf59a394746ad84 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2225663 Reviewed-by: Joel Kitching <kitching@chromium.org>
author: Julius Werner <jwerner@chromium.org> 2020-06-01 16:11:10 -0700
committer: Commit Bot <commit-bot@chromium.org> 2020-06-06 04:40:01 +0000
commit: d5a4570063abd5883559f40af9f8f5192a143ee7 (patch)
tree: 954087172fa73a0e53554de5298905017449dcd7
parent: 8467bb3d6ded247b16fc52f7e0d60636a4e16933 (diff)
download: vboot-d5a4570063abd5883559f40af9f8f5192a143ee7.tar.gz
1 files changed, 4 insertions, 2 deletions
diff --git a/futility/vb1_helper.c b/futility/vb1_helper.c
index cdc39251..ef497e6c 100644
--- a/futility/vb1_helper.c
+++ b/futility/vb1_helper.c
@@ -384,10 +384,12 @@ uint8_t *unpack_kernel_partition(uint8_t *kpart_data,
 	g_kernel_blob_size = preamble->body_signature.data_size;
 
 	/* Sanity check */
-	if (g_kernel_blob_size < preamble->body_signature.data_size)
+	if (kpart_size < now + g_kernel_blob_size) {
 		fprintf(stderr,
-			"Warning: kernel file only has %#x bytes\n",
+			"kernel body size %u exceeds partition end\n",
 			g_kernel_blob_size);
+		return NULL;
+	}
 
 	/* Update the blob pointers */
 	UnpackKernelBlob(g_kernel_blob_data);
author	Julius Werner <jwerner@chromium.org>	2020-06-01 16:11:10 -0700
committer	Commit Bot <commit-bot@chromium.org>	2020-06-06 04:40:01 +0000
commit	d5a4570063abd5883559f40af9f8f5192a143ee7 (patch)
tree	954087172fa73a0e53554de5298905017449dcd7
parent	8467bb3d6ded247b16fc52f7e0d60636a4e16933 (diff)
download	vboot-d5a4570063abd5883559f40af9f8f5192a143ee7.tar.gz