diff options
author | Alexey Polyudov <apolyudov@google.com> | 2016-06-27 14:21:14 -0700 |
---|---|---|
committer | Alexey Polyudov <apolyudov@google.com> | 2016-06-27 14:22:26 -0700 |
commit | 35c01d826536945348d674b04efef8d3ca5dbd30 (patch) | |
tree | 5c7c69872772ceabd2727e9947d732e9a9f579cd | |
parent | 0ccef9ffbbfaa52c6498fe3e68edf8a414706ea7 (diff) | |
download | contexthub-35c01d826536945348d674b04efef8d3ca5dbd30.tar.gz |
nanoapp_sign: fix overread condidion
Bug: 29416389
Change-Id: If3d9619a46d904cea6b8497cdfaa5deb60895b6f
Signed-off-by: Alexey Polyudov <apolyudov@google.com>
-rw-r--r-- | util/nanoapp_sign/nanoapp_sign.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/util/nanoapp_sign/nanoapp_sign.c b/util/nanoapp_sign/nanoapp_sign.c index 6153d910..15edd14e 100644 --- a/util/nanoapp_sign/nanoapp_sign.c +++ b/util/nanoapp_sign/nanoapp_sign.c @@ -239,6 +239,11 @@ static int handleVerify(uint8_t **pbuf, uint32_t bufUsed, struct RsaData *rsa, b bool lastTrusted = false; int sigData; + if (bufUsed < (sizeof(*image) + sizeof(*secHdr))) { + fprintf(stderr, "Invalid signature header: file is too short\n"); + return 2; + } + if (verbose) fprintf(stderr, "Original Data len=%" PRIu32 " b; file size=%" PRIu32 " b; diff=%" PRIu32 " b\n", secHdr->appDataLen, bufUsed, bufUsed - secHdr->appDataLen); @@ -515,7 +520,8 @@ int main(int argc, char **argv) image = (struct ImageHeader *)buf; if (!bareData && !txt2bin) { - if (image->aosp.header_version == 1 && + if (bufUsed >= sizeof(*image) && + image->aosp.header_version == 1 && image->aosp.magic == NANOAPP_AOSP_MAGIC && image->layout.magic == GOOGLE_LAYOUT_MAGIC) { fprintf(stderr, "Found AOSP header\n"); |