Fix not checking hashed data size

R=wfrichar@chromium.org,gauravsh@chromium.org BUG=chrome-os-partner:2909 TEST=make && make runtests Review URL: http://codereview.chromium.org/6748009 Change-Id: I3251aa6e6dd62ff4351fdf33ca9182b19a29cbbf
2025-12-15 20:37:33 +00:00 · 2011-03-25 15:20:58 -07:00
parent d583a30a7c
commit ac7c2d9e30
1 changed files with 7 additions and 0 deletions
--- a/firmware/lib/vboot_common.c
+++ b/firmware/lib/vboot_common.c
@@ -216,6 +216,12 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
      return VBOOT_KEY_BLOCK_INVALID;
    }

+    /* Make sure advertised signature data sizes are sane. */
+    if (block->key_block_size < sig->data_size) {
+      VBDEBUG(("Signature calculated past end of the block\n"));
+      return VBOOT_KEY_BLOCK_INVALID;
+    }
+
    VBDEBUG(("Checking key block hash only...\n"));
    header_checksum = DigestBuf((const uint8_t*)block, sig->data_size,
                                SHA512_DIGEST_ALGORITHM);
@@ -249,6 +255,7 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
      VBDEBUG(("Signature calculated past end of the block\n"));
      return VBOOT_KEY_BLOCK_INVALID;
    }
+
    VBDEBUG(("Checking key block signature...\n"));
    rv = VerifyData((const uint8_t*)block, size, sig, rsa);
    RSAPublicKeyFree(rsa);