scottk/OpenCellular
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/OpenCellular.git synced 2025-11-26 11:15:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

vboot2: Fix potential null pointer dereference

Browse Source 
If key is null in vb2_verify_digest(), we could attempt to dereference
it.  In practice it never is, but for safety's sake we should avoid
the reference.

BUG=chrome-os-partner:32235
BRANCH=none
TEST=VBOOT2=1 make runtests

Change-Id: I5a817e432922ea4c3b439b696cd2f8d988d0fecc
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/219574
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
This commit is contained in:
Randall Spangler
2014-09-23 16:30:37 -07:00
committed by chrome-internal-fetch
parent 779796f57e
commit c6fa98d2ed
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
firmware/2lib/2rsa.c
View File

@@ -313,7 +313,7 @@ int vb2_verify_digest(const struct vb2_public_key *key,
{
struct vb2_workbuf wblocal = *wb;
uint32_t *workbuf32;
uint32_t key_bytes = key->arrsize * sizeof(uint32_t);
uint32_t key_bytes;
int pad_size;
int rv;
@@ -326,6 +326,7 @@ int vb2_verify_digest(const struct vb2_public_key *key,
}
/* Signature length should be same as key length */
key_bytes = key->arrsize * sizeof(uint32_t);
if (key_bytes != vb2_rsa_sig_size(key->algorithm)) {
VB2_DEBUG("Signature is of incorrect length!\n");
return VB2_ERROR_RSA_VERIFY_SIG_LEN;