platform: msm_shared: Size of decrypted signature should be equal to size of digest For a successful boot image authentication, the RSA_public_decrypt() api returns the size of the digest otherwise its a failure. This check avoids vulnerability due to trailing data placed at the end of digest. CRs-Fixed: 646385 Change-Id: I32c2d97d5c308d33146c509347915ca65fdd11ac

commit: f2a513d8b4e340e8e244195e74c06186729bae6a [log] [tgz]
author: Sundarajan Srinivasan <sundaraj@codeaurora.org> Mon Apr 21 14:14:30 2014 -0700
committer: Gerrit - the friendly Code Review server <code-review@localhost> Thu Apr 24 00:14:43 2014 -0700
tree: 15f0bcb186e60ad440e47f440c502c9033b0a5c4
parent: e5ad19959848f391ecfb7b1b09d7ee6c6a6396ba [diff]
diff --git a/platform/msm_shared/image_verify.c b/platform/msm_shared/image_verify.c
index edca3bc..0d280f2 100644
--- a/platform/msm_shared/image_verify.c
+++ b/platform/msm_shared/image_verify.c

@@ -115,10 +115,12 @@
 
 	/*
 	 * Decrypt the pre-calculated expected image hash.
+	 * Return value, ret should be equal to hash_size. Otherwise it means a failure. With this check
+	 * we avoid a potential vulnerability due to trailing data placed at the end of digest.
 	 */
 	ret = image_decrypt_signature(signature_ptr, plain_text);
-	if (ret == -1) {
-		dprintf(CRITICAL, "ERROR: Image Invalid! Decryption failed!\n");
+	if (ret != hash_size) {
+		dprintf(CRITICAL, "ERROR: Image Invalid! signature check failed! ret %d\n", ret);
 		goto cleanup;
 	}
commit	f2a513d8b4e340e8e244195e74c06186729bae6a	[log] [tgz]
author	Sundarajan Srinivasan <sundaraj@codeaurora.org>	Mon Apr 21 14:14:30 2014 -0700
committer	Gerrit - the friendly Code Review server <code-review@localhost>	Thu Apr 24 00:14:43 2014 -0700
tree	15f0bcb186e60ad440e47f440c502c9033b0a5c4
parent	e5ad19959848f391ecfb7b1b09d7ee6c6a6396ba [diff]