From 4d47243c9088ef295892fbc25b9c3622e43ad639 Mon Sep 17 00:00:00 2001
From: Vincent Palatin
Date: Thu, 15 Oct 2015 17:46:58 -0700
Subject: futility: fix segfault on short files

Verify the size of the buffer read from the file before trying to use 1KB of it for the new rwsig format detection. Add a new test case with a short file containing only 4 bytes of unknown data and run "futility show" on it.
BRANCH=smaug
BUG=none
TEST=futility show foobar.pub.pem where foobar.pub.pem is a 451-byte file. check that "make runtests" passes with the fix and fails without it with the following message : test_file_types.sh ... failed FAIL: 13 / 14 passed
Change-Id: Ia9d68c6b528c2b3a595ea6791c907374616d051f
Reviewed-on: https://chromium-review.googlesource.com/306682
Commit-Ready: Vincent Palatin
Tested-by: Vincent Palatin
Reviewed-by: Bill Richardson
---
 futility/file_type_rwsig.c | 3 ++-
 tests/futility/data/short_junk.bin | 1 +
 tests/futility/test_file_types.sh | 1 +
 3 files changed, 4 insertions(+), 1 deletion(-)
 create mode 100644 tests/futility/data/short_junk.bin
diff --git a/futility/file_type_rwsig.c b/futility/file_type_rwsig.c
index e50ff32f..b9c9e216 100644
--- a/futility/file_type_rwsig.c
+++ b/futility/file_type_rwsig.c
@@ -226,7 +226,8 @@ enum futil_file_type ft_recognize_rwsig(uint8_t *buf, uint32_t len)
 if (!vb2_verify_signature((const struct vb2_signature *)buf, len))
 return FILE_TYPE_RWSIG;
- if (!vb2_verify_signature((const struct vb2_signature *)
+ if (len >= SIGNATURE_RSVD_SIZE &&
+ !vb2_verify_signature((const struct vb2_signature *)
 (buf + len - SIGNATURE_RSVD_SIZE), SIGNATURE_RSVD_SIZE))
 return FILE_TYPE_RWSIG;
diff --git a/tests/futility/data/short_junk.bin b/tests/futility/data/short_junk.bin
new file mode 100644
index 00000000..dc765c3d
--- /dev/null
+++ b/tests/futility/data/short_junk.bin
@@ -0,0 +1 @@
+JUNK
diff --git a/tests/futility/test_file_types.sh b/tests/futility/test_file_types.sh
index 8acbcf72..470d6313 100755
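Review bot: The new `len >= SIGNATURE_RSVD_SIZE` guard in ft_recognize_rwsig covers only the trailing-signature probe; the first probe still passes `buf, len` to `vb2_verify_signature()` for any length, so a 4-byte input such as the new test file is safe only if that function rejects a buffer smaller than `struct vb2_signature` before reading any field. Its body is not part of this hunk, so that assumption is worth confirming, since this path runs on arbitrary files handed to `futility show`. The guard also deserves a comment saying what it prevents, for example `/* Short file: buf + len - SIGNATURE_RSVD_SIZE would point before buf */`. Separately, casting `buf + len - SIGNATURE_RSVD_SIZE` to a struct pointer appears to assume that `len` preserves the alignment of `buf`, which an odd-sized file would not guarantee on alignment-sensitive targets. ft_recognize_rwsig's body starts and ends outside the hunk.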
--- a/tests/futility/test_file_types.sh
+++ b/tests/futility/test_file_types.sh
@@ -26,6 +26,7 @@ fail_case() {
 }
 # Known types
+test_case "unknown" "tests/futility/data/short_junk.bin"
 test_case "unknown" "tests/futility/data/random_noise.bin"
 test_case "pubkey" "tests/devkeys/root_key.vbpubk"
 test_case "keyblock" "tests/devkeys/kernel.keyblock"
--
cgit v1.2.1