Merge "platform: msm_shared: Size of decrypted signature should be equal to size of digest"
diff --git a/platform/msm_shared/image_verify.c b/platform/msm_shared/image_verify.c
index edca3bc..0d280f2 100644
--- a/platform/msm_shared/image_verify.c
+++ b/platform/msm_shared/image_verify.c
@@ -115,10 +115,12 @@
 
 	/*
 	 * Decrypt the pre-calculated expected image hash.
+	 * Return value, ret should be equal to hash_size. Otherwise it means a failure. With this check
+	 * we avoid a potential vulnerability due to trailing data placed at the end of digest.
 	 */
 	ret = image_decrypt_signature(signature_ptr, plain_text);
-	if (ret == -1) {
-		dprintf(CRITICAL, "ERROR: Image Invalid! Decryption failed!\n");
+	if (ret != hash_size) {
+		dprintf(CRITICAL, "ERROR: Image Invalid! signature check failed! ret %d\n", ret);
 		goto cleanup;
 	}
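Review bot: The new `if (ret != hash_size)` check runs only after image_decrypt_signature() has already written into plain_text, so it rejects an over-long plaintext but cannot stop one from being written. The allocation of plain_text is outside this hunk, as are the start and end of the enclosing function, so confirm that the buffer is sized for the largest output the decrypt routine can return and not just for hash_size. The declarations of ret and hash_size are not visible either; if hash_size is unsigned, the comparison relies on implicit conversion of a negative ret, and `if (ret < 0 || (unsigned)ret != hash_size)` would make both failure cases explicit. The added comment could also state the reason more directly, for example `Any other length means decryption failed or the plaintext carries bytes beyond the digest, which a hash_size-bounded comparison would not examine.`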