From 04e2338857e66ee1af7a826e320e6fe755711f65 Mon Sep 17 00:00:00 2001
From: Furquan Shaikh
Date: Fri, 29 May 2015 18:00:46 -0700
Subject: [PATCH] vboot_api_kernel: Do not pre-populate variables in VbVerifyMemoryBootImage
Do not use values from the header or preamble until it is known to be good.
BUG=None
BRANCH=None
TEST=Compiles successfully and VbVerifyMemoryBootImage returns early for images with bad values in header.
Change-Id: Ic026f49292a139e0a04c2556ca9fa62ff277b18f
Signed-off-by: Furquan Shaikh
Reviewed-on: https://chromium-review.googlesource.com/274141
Trybot-Ready: Furquan Shaikh
Tested-by: Furquan Shaikh
Reviewed-by: Randall Spangler
Commit-Queue: Furquan Shaikh
---
 firmware/lib/vboot_api_kernel.c | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/firmware/lib/vboot_api_kernel.c b/firmware/lib/vboot_api_kernel.c
index 623711b9b7..0fd1fa3e2e 100644
--- a/firmware/lib/vboot_api_kernel.c
+++ b/firmware/lib/vboot_api_kernel.c
@@ -1223,11 +1223,7 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams,
 kparams->flags = 0;
 Memset(kparams->partition_guid, 0, sizeof(kparams->partition_guid));
- /* Populate pointers to all components in the image. */
 kbuf = boot_image;
- key_block = (VbKeyBlockHeader *)kbuf;
- preamble = (VbKernelPreambleHeader *)(kbuf + key_block->key_block_size);
- body_offset = key_block->key_block_size + preamble->preamble_size;
 /* Read GBB Header */
 cparams->bmp = NULL;
@@ -1263,6 +1259,7 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams,
 retval = VBERROR_INVALID_KERNEL_FOUND;
 /* Verify the key block. */
+ key_block = (VbKeyBlockHeader *)kbuf;
 if (0 != KeyBlockVerify(key_block, image_size, kernel_subkey, hash_only)) {
 VBDEBUG(("Verifying key block signature/hash failed.\n"));
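Review bot: In the hunk at -1263/+1259, the new `key_block = (VbKeyBlockHeader *)kbuf;` has no comment recording why it sits immediately before `KeyBlockVerify()`. A later cleanup could therefore move the dependent header reads back ahead of verification without anyone noticing the ordering matters. I would add `/* Image is untrusted: read no key_block field until KeyBlockVerify() has accepted it. */` above the assignment. Because `key_block`, `preamble` and `body_offset` are now first assigned mid-function, it is also worth confirming that no exit path reached before these assignments reads them; the declarations and the failure path are outside the hunk.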
@@ -1292,6 +1289,7 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams,
 }
 /* Verify the preamble, which follows the key block */
+ preamble = (VbKernelPreambleHeader *)(kbuf + key_block->key_block_size);
 if ((0 != VerifyKernelPreamble(preamble, image_size - key_block->key_block_size,
@@ -1303,6 +1301,7 @@ VbError_t VbVerifyMemoryBootImage(VbCommonParams *cparams,
 VBDEBUG(("Kernel preamble is good.\n"));
 /* Verify kernel data */
+ body_offset = key_block->key_block_size + preamble->preamble_size;
 if (0 != VerifyData((const uint8_t *)(kbuf + body_offset), image_size - body_offset, &preamble->body_signature, data_key)) {
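Review bot: The size arithmetic in the hunks at +1289 and +1301 is safe only if the two verifiers bound the header fields against `image_size`, and nothing visible in these hunks shows that they do. If `key_block_size` could exceed `image_size`, then `image_size - key_block->key_block_size` would wrap, presuming the operands are unsigned. Likewise `body_offset = key_block->key_block_size + preamble->preamble_size` could wrap or exceed `image_size`, which would make `image_size - body_offset` an oversized length passed to `VerifyData()`. If `KeyBlockVerify()` and `VerifyKernelPreamble()` already reject those cases, a comment saying so next to each subtraction is enough. Otherwise I would add, right after the `body_offset` assignment, a guard such as `if (body_offset < key_block->key_block_size || body_offset > image_size)` that takes the function's existing failure path. The variable types, the verifier bodies and the failure path all lie outside the hunks.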