commit 87c2dd674b15370e8144124b95a65c30cd4d55bc
author Channagoud Kadabi <ckadabi@codeaurora.org> Thu Jun 26 14:26:39 2014 -0700
committer Gerrit - the friendly Code Review server <code-review@localhost> Mon Jun 30 15:17:08 2014 -0700
tree be09164412731ce2ada7335f944f38408a22ab4b
parent 2f73ce34e7b799373016f1ce614deeb51e03caa2

app: aboot: Fix size check for boot image

If the boot image is signed include signature size while validating
the size of boot image.

CRs-Fixed: 682002
Change-Id: I8a87fd9723e87af4f17bad7635486d415a9b5a7e

app/aboot/aboot.c

diff --git a/app/aboot/aboot.c b/app/aboot/aboot.c
index 4a3011e..56252b8 100755
--- a/app/aboot/aboot.c
+++ b/app/aboot/aboot.c
@@ -1478,6 +1478,7 @@
 	unsigned ramdisk_actual;
 	uint32_t image_actual;
 	uint32_t dt_actual = 0;
+	uint32_t sig_actual = SIGNATURE_SIZE;
 	struct boot_img_hdr *hdr;
 	char *ptr = ((char*) data);
 	int ret = 0;
@@ -1508,9 +1509,12 @@
 	image_actual = ADD_OF(image_actual, ramdisk_actual);
 	image_actual = ADD_OF(image_actual, dt_actual);
 
+	if (target_use_signed_kernel() && (!device.is_unlocked))
+		image_actual = ADD_OF(image_actual, sig_actual);
+
 	/* sz should have atleast raw boot image */
 	if (image_actual > sz) {
-		fastboot_fail("incomplete bootimage");
+		fastboot_fail("bootimage: incomplete or not signed");
 		return;
 	}
 
@@ -1518,7 +1522,10 @@
 	 * device & page_size are initialized in aboot_init
 	 */
 	if (target_use_signed_kernel() && (!device.is_unlocked))
-		verify_signed_bootimg((uint32_t)data, image_actual);
+		/* Pass size excluding signature size, otherwise we would try to
+		 * access signature beyond its length
+		 */
+		verify_signed_bootimg((uint32_t)data, (image_actual - sig_actual));
 
 	/*
 	 * Update the kernel/ramdisk/tags address if the boot image header