author | Bill Richardson <wfrichar@chromium.org> | 2014-12-02 19:31:38 -0800 |
---|---|---|
committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-12-04 05:08:10 +0000 |
commit | bd2eb59ded600c7a62b396f41dcf6937d567dca2 (patch) | |
tree | 28d91a1d762e4361c0c1ee23ad6292c448c80c92 | |
parent | 108d991c678f80c99967bd07035de7418c81a072 (diff) | |
futility: fix segfault when displaying truncated kernels
Also added a test for it.
BUG=none
BRANCH=none
TEST=make runtests
Change-Id: I108c75d114400e664f0ad1f29038a94cb1effd54
Signed-off-by: Bill Richardson <wfrichar@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/233037
Reviewed-by: Randall Spangler <rspangler@chromium.org>
-rw-r--r-- | futility/cmd_show.c | 4 | ||||
-rwxr-xr-x | tests/futility/test_show_kernel.sh | 22 |
2 files changed, 24 insertions, 2 deletions
diff --git a/futility/cmd_show.c b/futility/cmd_show.c
index f065b42c..f2262698 100644
--- a/futility/cmd_show.c
+++ b/futility/cmd_show.c
@@ -382,7 +382,7 @@ int futil_cb_show_kernel_preamble(struct futil_traverse_state_s *state)
 uint32_t len = state->my_area->len;
 VbPublicKey *sign_key = option.k;
 uint8_t *kernel_blob = 0;
- uint64_t kernel_size;
+ uint64_t kernel_size = 0;
 int good_sig = 0;
 int retval = 0;
@@ -441,7 +441,7 @@ int futil_cb_show_kernel_preamble(struct futil_traverse_state_s *state)
 /* It's in a separate file, which we've already read in */
 kernel_blob = option.fv;
 kernel_size = option.fv_size;
- } else {
+ } else if (state->my_area->len > option.padding) {
 /* It should be at an offset within the input file. */
 kernel_blob = state->my_area->buf + option.padding;
 kernel_size = state->my_area->len - option.padding;
diff --git a/tests/futility/test_show_kernel.sh b/tests/futility/test_show_kernel.sh
index d4322451..151cf463 100755
--- a/tests/futility/test_show_kernel.sh
+++ b/tests/futility/test_show_kernel.sh
@@ -50,6 +50,28 @@ ${FUTILITY} show ${TMP}.kernel.test \
 echo 'Test kernel blob looks good'
+# Mess up the padding, make sure it fails.
+rc=0
+${FUTILITY} show ${TMP}.kernel.test \
+ --pad 0x100 \
+ --publickey ${DEVKEYS}/kernel_subkey.vbpubk \
+ || rc=$?
+[ $rc -ne 0 ]
+[ $rc -lt 128 ]
+
+echo 'Invalid args are invalid'
+
+# Look waaaaaay off the end of the file, make sure it fails.
+rc=0
+${FUTILITY} show ${TMP}.kernel.test \
+ --pad 0x100000 \
+ --publickey ${DEVKEYS}/kernel_subkey.vbpubk \
+ || rc=$?
+[ $rc -ne 0 ]
+[ $rc -lt 128 ]
+
+echo 'Really invalid args are still invalid'
+
 # cleanup
 rm -rf ${TMP}*
 exit 0 |
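Review bot: The new `else if (state->my_area->len > option.padding)` in the second cmd_show.c hunk has no final `else`, so a padding at or beyond the area length falls through silently with `kernel_blob` still 0 and `kernel_size` at the 0 the first hunk now initialises. Whether that state is rejected depends on a check after this block, which is outside the hunk; presumably it is a null test on `kernel_blob`. Because `option.padding` appears to come from `--pad` on the command line and is used as an offset into `state->my_area->buf`, the dependency deserves a comment at the closing brace, e.g. `/* else: padding is past the end of the area; kernel_blob stays NULL and must be rejected below */`. The function body starts and ends outside both hunks.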
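Review bot: Neither new case exercises the boundary of the `>` comparison added in cmd_show.c, because `--pad 0x100` and `--pad 0x100000` sit on either side of the file size but a padding exactly equal to the size of `${TMP}.kernel.test` is never tried. A third case with the size computed in the script, e.g. `--pad $(wc -c < ${TMP}.kernel.test)`, would pin the off-by-one edge, assuming `--pad` accepts a decimal value and the area spans the whole file. The bare `[ $rc -ne 0 ]` and `[ $rc -lt 128 ]` lines only fail the run if errexit is enabled earlier in the script, which is outside this hunk. A short comment such as `# rc >= 128 would mean futility died from a signal (the segfault this test guards against)` would make the second check self-explanatory.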