From c48e3922ca4beb311a5f7a34620fa101f5e1a9d0 Mon Sep 17 00:00:00 2001
From: Jeremy Kerr <jeremy.kerr@canonical.com>
Date: Mon, 14 May 2012 15:52:03 +0800
Subject: [PATCH] sbverify: add check for invalid PKCS7 data

Make sure d2i_PKCS7 returned a PKCS7 structure.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
---
 sbverify.c | 9 +++++++--
 1 file changed, 7 insertions(+), 2 deletions(-)

diff --git a/sbverify.c b/sbverify.c
index fec5b32..ddb54d8 100644
--- a/sbverify.c
+++ b/sbverify.c
@@ -153,12 +153,17 @@ int main(int argc, char **argv)
 		goto out;
 	}
 
-	header = image->buf + image->data_dir_sigtable->addr;
-
 	ERR_load_crypto_strings();
 	OpenSSL_add_all_digests();
+
+	header = image->buf + image->data_dir_sigtable->addr;
 	buf = (void *)(header + 1);
 	p7 = d2i_PKCS7(NULL, &buf, header->size);
+	if (!p7) {
+		fprintf(stderr, "Unable to parse signature data\n");
+		ERR_print_errors_fp(stderr);
+		goto out;
+	}
 
 	idcbio = BIO_new(BIO_s_mem());
 	idc = IDC_get(p7, idcbio);