diff options
| author | Vincent Palatin <vpalatin@chromium.org> | 2015-10-15 17:46:58 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2015-10-17 08:18:48 -0700 |
| commit | 4d47243c9088ef295892fbc25b9c3622e43ad639 (patch) | |
| tree | 07df0c98c2819fbdf0d77fc349eb6802e69fc0b6 | |
| parent | 02ac2885fd797fba7f12ef040f0eb041dda7af20 (diff) | |
| download | vboot-4d47243c9088ef295892fbc25b9c3622e43ad639.tar.gz | |
futility: fix segfault on short files
Verify the size of the buffer read from the file before trying to use 1KB of
it for the new rwsig format detection.
Add a new test case with a short file containing only 4 bytes of unknown
data and run "futility show" on it.
BRANCH=smaug
BUG=none
TEST=futility show foobar.pub.pem
where foobar.pub.pem is a 451-byte file.
check that "make runtests" passes with the fix
and fails without it with the following message :
test_file_types.sh ... failed
FAIL: 13 / 14 passed
Change-Id: Ia9d68c6b528c2b3a595ea6791c907374616d051f
Reviewed-on: https://chromium-review.googlesource.com/306682
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
| -rw-r--r-- | futility/file_type_rwsig.c | 3 | ||||
| -rw-r--r-- | tests/futility/data/short_junk.bin | 1 | ||||
| -rwxr-xr-x | tests/futility/test_file_types.sh | 1 |
3 files changed, 4 insertions, 1 deletions
diff --git a/futility/file_type_rwsig.c b/futility/file_type_rwsig.c index e50ff32f..b9c9e216 100644 --- a/futility/file_type_rwsig.c +++ b/futility/file_type_rwsig.c @@ -226,7 +226,8 @@ enum futil_file_type ft_recognize_rwsig(uint8_t *buf, uint32_t len) if (!vb2_verify_signature((const struct vb2_signature *)buf, len)) return FILE_TYPE_RWSIG; - if (!vb2_verify_signature((const struct vb2_signature *) + if (len >= SIGNATURE_RSVD_SIZE && + !vb2_verify_signature((const struct vb2_signature *) (buf + len - SIGNATURE_RSVD_SIZE), SIGNATURE_RSVD_SIZE)) return FILE_TYPE_RWSIG; diff --git a/tests/futility/data/short_junk.bin b/tests/futility/data/short_junk.bin new file mode 100644 index 00000000..dc765c3d --- /dev/null +++ b/tests/futility/data/short_junk.bin @@ -0,0 +1 @@ +JUNK diff --git a/tests/futility/test_file_types.sh b/tests/futility/test_file_types.sh index 8acbcf72..470d6313 100755 --- a/tests/futility/test_file_types.sh +++ b/tests/futility/test_file_types.sh @@ -26,6 +26,7 @@ fail_case() { } # Known types +test_case "unknown" "tests/futility/data/short_junk.bin" test_case "unknown" "tests/futility/data/random_noise.bin" test_case "pubkey" "tests/devkeys/root_key.vbpubk" test_case "keyblock" "tests/devkeys/kernel.keyblock" |