rpms / shim

Clone
Source Code
GIT

Blame SOURCES/0057-Validate-computed-hash-bases-hash-sizes-more-thoroug.patch

c4 c5 c5-plus c6 c6-plus c7 c7-aarch64 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta
  1.   e97c8333a9cd000eb0adfb33dba7ba87d238802b
  2.   SOURCES
  3.   0057-Validate-computed-hash-bases-hash-sizes-more-thoroug.patch
Blob History Raw
e97c83 
From f04d50b74770f5c7f7e0a1c3c24b7713fbec0802 Mon Sep 17 00:00:00 2001
e97c83 
From: Peter Jones <pjones@redhat.com>
e97c83 
Date: Sat, 20 Sep 2014 16:47:08 -0400
e97c83 
Subject: [PATCH 57/74] Validate computed hash bases/hash sizes more
e97c83 
 thoroughly.
e97c83
e97c83 
I screwed one of these up when working on 750584c, and it's a real pain
e97c83 
to figure out, so that means we should be validating them.
e97c83
e97c83 
Signed-off-by: Peter Jones <pjones@redhat.com>
e97c83 
---
e97c83 
 shim.c | 21 +++++++++++++++++++++
e97c83 
 1 file changed, 21 insertions(+)
e97c83
e97c83 
diff --git a/shim.c b/shim.c
e97c83 
index c1b5c17..cfa90d1 100644
e97c83 
--- a/shim.c
e97c83 
+++ b/shim.c
e97c83 
@@ -593,6 +593,22 @@ static BOOLEAN secure_mode (void)
e97c83 
 	return TRUE;
e97c83 
 }
e97c83
e97c83 
+#define check_size_line(data, datasize_in, hashbase, hashsize, l) ({	\
e97c83 
+	if ((unsigned long)hashbase >					\
e97c83 
+			(unsigned long)data + datasize_in) {		\
e97c83 
+		perror(L"shim.c:%d Invalid hash base 0x%016x\n", l,	\
e97c83 
+			hashbase);					\
e97c83 
+		goto done;						\
e97c83 
+	}								\
e97c83 
+	if ((unsigned long)hashbase + hashsize >			\
e97c83 
+			(unsigned long)data + datasize_in) {		\
e97c83 
+		perror(L"shim.c:%d Invalid hash size 0x%016x\n", l,	\
e97c83 
+			hashsize);					\
e97c83 
+		goto done;						\
e97c83 
+	}								\
e97c83 
+})
e97c83 
+#define check_size(d,ds,h,hs) check_size_line(d,ds,h,hs,__LINE__)
e97c83 
+
e97c83 
 /*
e97c83 
  * Calculate the SHA1 and SHA256 hashes of a binary
e97c83 
  */
e97c83 
@@ -650,6 +666,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
e97c83 
 	hashbase = data;
e97c83 
 	hashsize = (char *)&context->PEHdr->Pe32.OptionalHeader.CheckSum -
e97c83 
 		hashbase;
e97c83 
+	check_size(data, datasize_in, hashbase, hashsize);
e97c83
e97c83 
 	if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
e97c83 
 	    !(Sha1Update(sha1ctx, hashbase, hashsize))) {
e97c83 
@@ -662,6 +679,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
e97c83 
 	hashbase = (char *)&context->PEHdr->Pe32.OptionalHeader.CheckSum +
e97c83 
 		sizeof (int);
e97c83 
 	hashsize = (char *)context->SecDir - hashbase;
e97c83 
+	check_size(data, datasize_in, hashbase, hashsize);
e97c83
e97c83 
 	if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
e97c83 
 	    !(Sha1Update(sha1ctx, hashbase, hashsize))) {
e97c83 
@@ -679,6 +697,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
e97c83 
 		status = EFI_INVALID_PARAMETER;
e97c83 
 		goto done;
e97c83 
 	}
e97c83 
+	check_size(data, datasize_in, hashbase, hashsize);
e97c83
e97c83 
 	if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
e97c83 
 	    !(Sha1Update(sha1ctx, hashbase, hashsize))) {
e97c83 
@@ -763,6 +782,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
e97c83 
 			goto done;
e97c83 
 		}
e97c83 
 		hashsize  = (unsigned int) Section->SizeOfRawData;
e97c83 
+		check_size(data, datasize_in, hashbase, hashsize);
e97c83
e97c83 
 		if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
e97c83 
 		    !(Sha1Update(sha1ctx, hashbase, hashsize))) {
e97c83 
@@ -777,6 +797,7 @@ static EFI_STATUS generate_hash (char *data, unsigned int datasize_in,
e97c83 
 	if (datasize > SumOfBytesHashed) {
e97c83 
 		hashbase = data + SumOfBytesHashed;
e97c83 
 		hashsize = datasize - context->SecDir->Size - SumOfBytesHashed;
e97c83 
+		check_size(data, datasize_in, hashbase, hashsize);
e97c83
e97c83 
 		if (!(Sha256Update(sha256ctx, hashbase, hashsize)) ||
e97c83 
 		    !(Sha1Update(sha1ctx, hashbase, hashsize))) {
e97c83 
--
e97c83 
1.9.3
e97c83

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation