From cecdcbfe5d3832b4d639845d1fe297187236920c Mon Sep 17 00:00:00 2001
From: Randall Spangler
Date: Fri, 25 Mar 2011 15:49:10 -0700
Subject: [PATCH] Add additional checks for size greater than header size.
Change-Id: Iea64e3df795d1f9299117cbd161b203295211629
R=wfrichar@chromium.org,gauravsh@chromium.org
BUG=chrome-os-partner:2908
TEST=make && make runtests
Review URL: http://codereview.chromium.org/6745027
---
firmware/lib/vboot_common.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/firmware/lib/vboot_common.c b/firmware/lib/vboot_common.c
index ce01e9618b..d9838c41fc 100644
--- a/firmware/lib/vboot_common.c
+++ b/firmware/lib/vboot_common.c
@@ -178,6 +178,10 @@ int KeyBlockVerify(const VbKeyBlockHeader* block, uint64_t size,
 const VbSignature* sig;
 /* Sanity checks before attempting signature of data */
+ if(size < sizeof(VbKeyBlockHeader)) {
+ VBDEBUG(("Not enough space for key block header.\n"));
+ return VBOOT_KEY_BLOCK_INVALID;
+ }
 if (SafeMemcmp(block->magic, KEY_BLOCK_MAGIC, KEY_BLOCK_MAGIC_SIZE)) {
 VBDEBUG(("Not a valid verified boot key block.\n"));
 return VBOOT_KEY_BLOCK_INVALID;
@@ -292,6 +296,10 @@ int VerifyFirmwarePreamble(const VbFirmwarePreambleHeader* preamble,
 const VbSignature* sig = &preamble->preamble_signature;
 /* Sanity checks before attempting signature of data */
+ if(size < sizeof(VbFirmwarePreambleHeader)) {
+ VBDEBUG(("Not enough data for preamble header.\n"));
+ return VBOOT_PREAMBLE_INVALID;
+ }
 if (preamble->header_version_major != FIRMWARE_PREAMBLE_HEADER_VERSION_MAJOR) {
 VBDEBUG(("Incompatible firmware preamble header version.\n"));
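Review bot: Nothing in this commit exercises the new short-buffer path in KeyBlockVerify: the diffstat lists only firmware/lib/vboot_common.c, so as far as the patch shows, the `size < sizeof(VbKeyBlockHeader)` rejection and the matching checks added to VerifyFirmwarePreamble and VerifyKernelPreamble have no test. A case that hands each verifier an otherwise valid blob with `size` one byte short of the header, and expects `VBOOT_KEY_BLOCK_INVALID` or `VBOOT_PREAMBLE_INVALID`, would pin the behaviour, since these checks run on the header before any signature has been verified. The added lines also write `if(` where the surrounding code uses `if (`. KeyBlockVerify starts and ends outside the hunk.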
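Review bot: In VerifyFirmwarePreamble the initializer `const VbSignature* sig = &preamble->preamble_signature;` still runs before the new size check, so a pointer into the header is formed before the buffer is known to hold one; the same is true in the VerifyKernelPreamble hunk. Nothing visible dereferences `sig` before the check, so this looks harmless in practice. Declaring `const VbSignature* sig;` as KeyBlockVerify does, and assigning `sig = &preamble->preamble_signature;` after the check, would keep every use of `preamble` behind the validation. The function body continues outside the hunk.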
@@ -350,6 +358,10 @@ int VerifyKernelPreamble(const VbKernelPreambleHeader* preamble,
 const VbSignature* sig = &preamble->preamble_signature;
 /* Sanity checks before attempting signature of data */
+ if(size < sizeof(VbKernelPreambleHeader)) {
+ VBDEBUG(("Not enough data for preamble header.\n"));
+ return VBOOT_PREAMBLE_INVALID;
+ }
 if (preamble->header_version_major != KERNEL_PREAMBLE_HEADER_VERSION_MAJOR) {
 VBDEBUG(("Incompatible kernel preamble header version.\n"));
 return VBOOT_PREAMBLE_INVALID;
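Review bot: The debug string added to VerifyKernelPreamble is byte-identical to the one added to VerifyFirmwarePreamble, so a log line alone does not say which preamble was truncated. The existing message a few lines below names the kernel preamble, and the new one could match it: `VBDEBUG(("Not enough data for kernel preamble header.\n"));`, with the firmware hunk changed the same way. The function body continues outside the hunk.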