Merge "platform: msm_shared: Size of decrypted signature should be equal to size of digest"
diff --git a/platform/msm_shared/image_verify.c b/platform/msm_shared/image_verify.c
index edca3bc..0d280f2 100644
--- a/platform/msm_shared/image_verify.c
+++ b/platform/msm_shared/image_verify.c
@@ -115,10 +115,12 @@
/*
* Decrypt the pre-calculated expected image hash.
+ * Return value, ret should be equal to hash_size. Otherwise it means a failure. With this check
+ * we avoid a potential vulnerability due to trailing data placed at the end of digest.
*/
ret = image_decrypt_signature(signature_ptr, plain_text);
- if (ret == -1) {
- dprintf(CRITICAL, "ERROR: Image Invalid! Decryption failed!\n");
+ if (ret != hash_size) {
+ dprintf(CRITICAL, "ERROR: Image Invalid! signature check failed! ret %d\n", ret);
goto cleanup;
}