diff options
| author | Vincent Palatin <vpalatin@chromium.org> | 2015-10-15 17:46:58 -0700 |
|---|---|---|
| committer | chrome-bot <chrome-bot@chromium.org> | 2015-10-17 08:18:48 -0700 |
| commit | 4d47243c9088ef295892fbc25b9c3622e43ad639 (patch) | |
| tree | 07df0c98c2819fbdf0d77fc349eb6802e69fc0b6 /futility/file_type_rwsig.c | |
| parent | 02ac2885fd797fba7f12ef040f0eb041dda7af20 (diff) | |
| download | vboot-4d47243c9088ef295892fbc25b9c3622e43ad639.tar.gz | |
futility: fix segfault on short files
Verify the size of the buffer read from the file before trying to use 1KB of
it for the new rwsig format detection.
Add a new test case with a short file containing only 4 bytes of unknown
data and run "futility show" on it.
BRANCH=smaug
BUG=none
TEST=futility show foobar.pub.pem
where foobar.pub.pem is a 451-byte file.
check that "make runtests" passes with the fix
and fails without it with the following message :
test_file_types.sh ... failed
FAIL: 13 / 14 passed
Change-Id: Ia9d68c6b528c2b3a595ea6791c907374616d051f
Reviewed-on: https://chromium-review.googlesource.com/306682
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
Diffstat (limited to 'futility/file_type_rwsig.c')
| -rw-r--r-- | futility/file_type_rwsig.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/futility/file_type_rwsig.c b/futility/file_type_rwsig.c index e50ff32f..b9c9e216 100644 --- a/futility/file_type_rwsig.c +++ b/futility/file_type_rwsig.c @@ -226,7 +226,8 @@ enum futil_file_type ft_recognize_rwsig(uint8_t *buf, uint32_t len) if (!vb2_verify_signature((const struct vb2_signature *)buf, len)) return FILE_TYPE_RWSIG; - if (!vb2_verify_signature((const struct vb2_signature *) + if (len >= SIGNATURE_RSVD_SIZE && + !vb2_verify_signature((const struct vb2_signature *) (buf + len - SIGNATURE_RSVD_SIZE), SIGNATURE_RSVD_SIZE)) return FILE_TYPE_RWSIG; |