diff options
author | Vincent Palatin <vpalatin@chromium.org> | 2015-10-15 17:46:58 -0700 |
---|---|---|
committer | ChromeOS bot <3su6n15k.default@developer.gserviceaccount.com> | 2015-10-20 17:31:40 +0000 |
commit | b6343ce4ca9bdd9634d7baa9496c7be90ba4cd2e (patch) | |
tree | 1aa80bafe4be48a143c73e9bbe3bace8c19d3a66 | |
parent | 2339599a8becf31a4eb2e2244706b9e183939e82 (diff) | |
download | vboot-b6343ce4ca9bdd9634d7baa9496c7be90ba4cd2e.tar.gz |
futility: fix segfault on short files
Verify the size of the buffer read from the file before trying to use 1KB of
it for the new rwsig format detection.
Add a new test case with a short file containing only 4 bytes of unknown
data and run "futility show" on it.
BRANCH=smaug
BUG=none
TEST=futility show foobar.pub.pem
where foobar.pub.pem is a 451-byte file.
check that "make runtests" passes with the fix
and fails without it with the following message :
test_file_types.sh ... failed
FAIL: 13 / 14 passed
Reviewed-on: https://chromium-review.googlesource.com/306682
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
(cherry picked from commit 4d47243c9088ef295892fbc25b9c3622e43ad639)
Change-Id: Ie0865733811cea93a75a35f8e5b2154d0134bd90
Reviewed-on: https://chromium-review.googlesource.com/307432
Reviewed-by: Vincent Palatin <vpalatin@chromium.org>
Commit-Queue: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
-rw-r--r-- | futility/file_type_rwsig.c | 3 | ||||
-rw-r--r-- | tests/futility/data/short_junk.bin | 1 | ||||
-rwxr-xr-x | tests/futility/test_file_types.sh | 1 |
3 files changed, 4 insertions, 1 deletions
diff --git a/futility/file_type_rwsig.c b/futility/file_type_rwsig.c index e50ff32f..b9c9e216 100644 --- a/futility/file_type_rwsig.c +++ b/futility/file_type_rwsig.c @@ -226,7 +226,8 @@ enum futil_file_type ft_recognize_rwsig(uint8_t *buf, uint32_t len) if (!vb2_verify_signature((const struct vb2_signature *)buf, len)) return FILE_TYPE_RWSIG; - if (!vb2_verify_signature((const struct vb2_signature *) + if (len >= SIGNATURE_RSVD_SIZE && + !vb2_verify_signature((const struct vb2_signature *) (buf + len - SIGNATURE_RSVD_SIZE), SIGNATURE_RSVD_SIZE)) return FILE_TYPE_RWSIG; diff --git a/tests/futility/data/short_junk.bin b/tests/futility/data/short_junk.bin new file mode 100644 index 00000000..dc765c3d --- /dev/null +++ b/tests/futility/data/short_junk.bin @@ -0,0 +1 @@ +JUNK diff --git a/tests/futility/test_file_types.sh b/tests/futility/test_file_types.sh index 8acbcf72..470d6313 100755 --- a/tests/futility/test_file_types.sh +++ b/tests/futility/test_file_types.sh @@ -26,6 +26,7 @@ fail_case() { } # Known types +test_case "unknown" "tests/futility/data/short_junk.bin" test_case "unknown" "tests/futility/data/random_noise.bin" test_case "pubkey" "tests/devkeys/root_key.vbpubk" test_case "keyblock" "tests/devkeys/kernel.keyblock" |