summaryrefslogtreecommitdiff
path: root/firmware
diff options
context:
space:
mode:
authorGaurav Shah <gauravsh@chromium.org>2010-06-30 18:26:21 -0700
committerGaurav Shah <gauravsh@chromium.org>2010-06-30 18:26:21 -0700
commit2a80e8a41627b367946480c72cb8c389df8d0cb3 (patch)
treeca6eecbac7e98b7625a94d66d95692c464491de1 /firmware
parentbde9a64357657a37aa7a2788aeeed67a62acdd94 (diff)
downloadvboot-2a80e8a41627b367946480c72cb8c389df8d0cb3.tar.gz
Make sure advertised signature data size is sane.
TEST=make runtests -- All the tests in the test suite pass. Review URL: http://codereview.chromium.org/2849036
Diffstat (limited to 'firmware')
-rw-r--r--firmware/lib/vboot_common.c14
-rw-r--r--firmware/version.c2
2 files changed, 14 insertions, 2 deletions
diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c
index 0f036123..be5a34de 100644
--- a/firmware/lib/vboot_common.c
+++ b/firmware/lib/vboot_common.c
@@ -195,11 +195,16 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
VBDEBUG(("Invalid public key\n"));
return VBOOT_PUBLIC_KEY_INVALID;
}
+
+ /* Make sure advertised signature data sizes are sane. */
+ if (block->key_block_size < sig->data_size) {
+ VBDEBUG(("Signature calculated past end of the block\n"));
+ return VBOOT_KEY_BLOCK_INVALID;
+ }
rv = VerifyData((const uint8_t*)block, sig, rsa);
RSAPublicKeyFree(rsa);
if (rv)
return VBOOT_KEY_BLOCK_SIGNATURE;
-
} else {
/* Check hash */
uint8_t* header_checksum = NULL;
@@ -269,6 +274,13 @@ int VerifyFirmwarePreamble2(const VbFirmwarePreambleHeader* preamble,
VBDEBUG(("Preamble signature off end of preamble\n"));
return VBOOT_PREAMBLE_INVALID;
}
+
+ /* Make sure advertised signature data sizes are sane. */
+ if (preamble->preamble_size < sig->data_size) {
+ VBDEBUG(("Signature calculated past end of the block\n"));
+ return VBOOT_PREAMBLE_INVALID;
+ }
+
if (VerifyData((const uint8_t*)preamble, sig, key)) {
VBDEBUG(("Preamble signature validation failed\n"));
return VBOOT_PREAMBLE_SIGNATURE;
diff --git a/firmware/version.c b/firmware/version.c
index 1ae829bb..b6ddebf0 100644
--- a/firmware/version.c
+++ b/firmware/version.c
@@ -1 +1 @@
-char* VbootVersion = "VBOOv=3b14b77c";
+char* VbootVersion = "VBOOv=75ccdf11";
View Lorry Controller Status