diff options
| author | Randall Spangler <rspangler@chromium.org> | 2014-06-06 09:30:14 -0700 |
|---|---|---|
| committer | chrome-internal-fetch <chrome-internal-fetch@google.com> | 2014-06-11 22:08:10 +0000 |
| commit | 2145721c3c1840561030b27d2207006b0139c16c (patch) | |
| tree | 8644c3e990a50243e91a7c2dbb6479b10033d67f /firmware | |
| parent | b9be53640efdee92b1b42e60adda274563236301 (diff) | |
| download | vboot-2145721c3c1840561030b27d2207006b0139c16c.tar.gz | |
vboot2: Use more specific error codes, part 2
Error codes reported by the aligment checks in common.c are now very
specific, and tests verify the proper errors are reported.
Changed args to vb2_member_inside() so I can force wraparounds.
BUG=chromium:370082
BRANCH=none
TEST=make clean && VBOOT2=1 COV=1 make
Change-Id: Ib135674e82005b76bce7a83a1f4a65a9c5296cf4
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/202937
Reviewed-by: Daisuke Nojiri <dnojiri@chromium.org>
Diffstat (limited to 'firmware')
| -rw-r--r-- | firmware/2lib/2common.c | 27 | ||||
| -rw-r--r-- | firmware/2lib/include/2common.h | 8 | ||||
| -rw-r--r-- | firmware/2lib/include/2return_codes.h | 26 |
3 files changed, 43 insertions, 18 deletions
diff --git a/firmware/2lib/2common.c b/firmware/2lib/2common.c index 9099f6f7..56593aae 100644 --- a/firmware/2lib/2common.c +++ b/firmware/2lib/2common.c @@ -20,14 +20,14 @@ int vb2_align(uint8_t **ptr, uint32_t *size, uint32_t align, uint32_t want_size) offs = align - offs; if (*size < offs) - return VB2_ERROR_BUFFER_TOO_SMALL; + return VB2_ERROR_ALIGN_BIGGER_THAN_SIZE; *ptr += offs; *size -= offs; } if (*size < want_size) - return VB2_ERROR_BUFFER_TOO_SMALL; + return VB2_ERROR_ALIGN_SIZE; return VB2_SUCCESS; } @@ -106,10 +106,10 @@ ptrdiff_t vb2_offset_of(const void *base, const void *ptr) return (uintptr_t)ptr - (uintptr_t)base; } -int vb2_verify_member_inside(const void *parent, uint32_t parent_size, - const void *member, uint32_t member_size, - uint32_t member_data_offset, - uint32_t member_data_size) +int vb2_verify_member_inside(const void *parent, size_t parent_size, + const void *member, size_t member_size, + ptrdiff_t member_data_offset, + size_t member_data_size) { const size_t psize = (size_t)parent_size; const uintptr_t parent_end = (uintptr_t)parent + parent_size; @@ -120,23 +120,22 @@ int vb2_verify_member_inside(const void *parent, uint32_t parent_size, /* Make sure parent doesn't wrap */ if (parent_end < (uintptr_t)parent) - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_INSIDE_PARENT_WRAPS; /* * Make sure the member is fully contained in the parent and doesn't * wrap. Use >, not >=, since member_size = 0 is possible. */ if (member_end_offs < member_offs) - return VB2_ERROR_UNKNOWN; - if (member_offs > psize || member_end_offs > psize) - return VB2_ERROR_UNKNOWN; - + return VB2_ERROR_INSIDE_MEMBER_WRAPS; + if (member_offs < 0 || member_offs > psize || member_end_offs > psize) + return VB2_ERROR_INSIDE_MEMBER_OUTSIDE; /* Make sure parent fully contains member data */ if (data_end_offs < data_offs) - return VB2_ERROR_UNKNOWN; - if (data_offs > psize || data_end_offs > psize) - return VB2_ERROR_UNKNOWN; + return VB2_ERROR_INSIDE_DATA_WRAPS; + if (data_offs < 0 || data_offs > psize || data_end_offs > psize) + return VB2_ERROR_INSIDE_DATA_OUTSIDE; return VB2_SUCCESS; } diff --git a/firmware/2lib/include/2common.h b/firmware/2lib/include/2common.h index 3bb403be..326f8919 100644 --- a/firmware/2lib/include/2common.h +++ b/firmware/2lib/include/2common.h @@ -151,10 +151,10 @@ uint8_t *vb2_signature_data(struct vb2_signature *sig); * @param member_data_size Size of member data in bytes * @return VB2_SUCCESS, or non-zero if error. */ -int vb2_verify_member_inside(const void *parent, uint32_t parent_size, - const void *member, uint32_t member_size, - uint32_t member_data_offset, - uint32_t member_data_size); +int vb2_verify_member_inside(const void *parent, size_t parent_size, + const void *member, size_t member_size, + ptrdiff_t member_data_offset, + size_t member_data_size); /** * Verify a signature is fully contained in its parent data diff --git a/firmware/2lib/include/2return_codes.h b/firmware/2lib/include/2return_codes.h index 28c0f91d..f81dc732 100644 --- a/firmware/2lib/include/2return_codes.h +++ b/firmware/2lib/include/2return_codes.h @@ -100,6 +100,32 @@ enum vb2_return_code { VB2_ERROR_SECDATA_SET_FLAGS, /********************************************************************** + * Common code errors + */ + VB2_ERROR_COMMON = VB2_ERROR_BASE + 0x050000, + + /* Buffer is smaller than alignment offset in vb2_align() */ + VB2_ERROR_ALIGN_BIGGER_THAN_SIZE, + + /* Buffer is smaller than request in vb2_align() */ + VB2_ERROR_ALIGN_SIZE, + + /* Parent wraps around in vb2_verify_member_inside() */ + VB2_ERROR_INSIDE_PARENT_WRAPS, + + /* Member wraps around in vb2_verify_member_inside() */ + VB2_ERROR_INSIDE_MEMBER_WRAPS, + + /* Member outside parent in vb2_verify_member_inside() */ + VB2_ERROR_INSIDE_MEMBER_OUTSIDE, + + /* Member data wraps around in vb2_verify_member_inside() */ + VB2_ERROR_INSIDE_DATA_WRAPS, + + /* Member data outside parent in vb2_verify_member_inside() */ + VB2_ERROR_INSIDE_DATA_OUTSIDE, + + /********************************************************************** * TODO: errors which must still be made specific */ VB2_ERROR_TODO = VB2_ERROR_BASE + 0xff0000, |