futility: fix segfault on short files
authorVincent Palatin <vpalatin@chromium.org>
Fri, 16 Oct 2015 00:46:58 +0000 (17:46 -0700)
committerchrome-bot <chrome-bot@chromium.org>
Sat, 17 Oct 2015 15:18:48 +0000 (08:18 -0700)
Verify the size of the buffer read from the file before trying to use 1KB of
it for the new rwsig format detection.

Add a new test case with a short file containing only 4 bytes of unknown
data and run "futility show" on it.

BRANCH=smaug
BUG=none
TEST=futility show foobar.pub.pem
where foobar.pub.pem is a 451-byte file.
check that "make runtests" passes with the fix
and fails without it with the following message :
test_file_types.sh ... failed
FAIL: 13 / 14 passed

Change-Id: Ia9d68c6b528c2b3a595ea6791c907374616d051f
Reviewed-on: https://chromium-review.googlesource.com/306682
Commit-Ready: Vincent Palatin <vpalatin@chromium.org>
Tested-by: Vincent Palatin <vpalatin@chromium.org>
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
futility/file_type_rwsig.c
tests/futility/data/short_junk.bin [new file with mode: 0644]
tests/futility/test_file_types.sh

index e50ff32..b9c9e21 100644 (file)
@@ -226,7 +226,8 @@ enum futil_file_type ft_recognize_rwsig(uint8_t *buf, uint32_t len)
        if (!vb2_verify_signature((const struct vb2_signature *)buf, len))
                return FILE_TYPE_RWSIG;
 
-       if (!vb2_verify_signature((const struct vb2_signature *)
+       if (len >= SIGNATURE_RSVD_SIZE &&
+           !vb2_verify_signature((const struct vb2_signature *)
                                  (buf + len - SIGNATURE_RSVD_SIZE),
                                  SIGNATURE_RSVD_SIZE))
                return FILE_TYPE_RWSIG;
diff --git a/tests/futility/data/short_junk.bin b/tests/futility/data/short_junk.bin
new file mode 100644 (file)
index 0000000..dc765c3
--- /dev/null
@@ -0,0 +1 @@
+JUNK
index 8acbcf7..470d631 100755 (executable)
@@ -26,6 +26,7 @@ fail_case() {
 }
 
 # Known types
+test_case "unknown"         "tests/futility/data/short_junk.bin"
 test_case "unknown"         "tests/futility/data/random_noise.bin"
 test_case "pubkey"          "tests/devkeys/root_key.vbpubk"
 test_case "keyblock"        "tests/devkeys/kernel.keyblock"