Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / lk / bf6ce7d2fd248ec5bab0707bdfb0467ac0e1606f
commitbf6ce7d2fd248ec5bab0707bdfb0467ac0e1606f[log] [tgz]
authorChannagoud Kadabi <ckadabi@codeaurora.org>Thu Sep 17 13:25:35 2015 -0700
committerChannagoud Kadabi <ckadabi@codeaurora.org>Mon Oct 19 10:49:02 2015 -0700
tree4a4d7570a2621e2ce3f9ce962ed1dfa8ea202546
parentad26c7677639c197aae097fb17aa4b3e76e7b8d4 [diff]
platform: msm_shared: Fix potential buffer overflow

The signature length is calcualted from the signature buffer, the length
calculated is then passed to d2i apis for signature decoding. The length
could be any arbitrary value and can cause buffer overread in the d2i
apis. To make sure there are no buffer overflows check the return value
of read_der_message_length api does not exceed size of signature buffer.
Also make sure the there are no buffer overreads in cmd_boot, if the
boot buffer size - total image size excluding the signature is less than
page_size then assert with the failure.

Change-Id: I19b32b28ec61510064259a6271b4e5a918a12951
2 files changed
tree: 4a4d7570a2621e2ce3f9ce962ed1dfa8ea202546
  1. app/
  2. arch/
  3. dev/
  4. include/
  5. kernel/
  6. lib/
  7. make/
  8. platform/
  9. project/
  10. scripts/
  11. target/
  12. .gitignore
  13. AndroidBoot.mk
  14. LICENSE
  15. makefile