diff options
| author | Randall Spangler <rspangler@chromium.org> | 2014-09-23 16:30:37 -0700 |
|---|---|---|
| committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-09-24 21:17:57 +0000 |
| commit | c6fa98d2ed1816d88e8517cd988de186fd6477b8 (patch) | |
| tree | b2f1eb5ad7921795cdb51d62154ae53b4853f7e3 | |
| parent | 779796f57e1e0236ea502248ede2cbea986fca21 (diff) | |
| download | vboot-c6fa98d2ed1816d88e8517cd988de186fd6477b8.tar.gz | |
vboot2: Fix potential null pointer dereference
If key is null in vb2_verify_digest(), we could attempt to dereference
it. In practice it never is, but for safety's sake we should avoid
the reference.
BUG=chrome-os-partner:32235
BRANCH=none
TEST=VBOOT2=1 make runtests
Change-Id: I5a817e432922ea4c3b439b696cd2f8d988d0fecc
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/219574
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
| -rw-r--r-- | firmware/2lib/2rsa.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/firmware/2lib/2rsa.c b/firmware/2lib/2rsa.c index cc39b1d6..47ef1799 100644 --- a/firmware/2lib/2rsa.c +++ b/firmware/2lib/2rsa.c @@ -313,7 +313,7 @@ int vb2_verify_digest(const struct vb2_public_key *key, { struct vb2_workbuf wblocal = *wb; uint32_t *workbuf32; - uint32_t key_bytes = key->arrsize * sizeof(uint32_t); + uint32_t key_bytes; int pad_size; int rv; @@ -326,6 +326,7 @@ int vb2_verify_digest(const struct vb2_public_key *key, } /* Signature length should be same as key length */ + key_bytes = key->arrsize * sizeof(uint32_t); if (key_bytes != vb2_rsa_sig_size(key->algorithm)) { VB2_DEBUG("Signature is of incorrect length!\n"); return VB2_ERROR_RSA_VERIFY_SIG_LEN; |