sbverify: add check for invalid PKCS7 data

Make sure d2i_PKCS7 returned a PKCS7 structure.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
This commit is contained in:
Jeremy Kerr 2012-05-14 15:52:03 +08:00
parent e3d6afbd61
commit c48e3922ca

View file

@ -153,12 +153,17 @@ int main(int argc, char **argv)
goto out; goto out;
} }
header = image->buf + image->data_dir_sigtable->addr;
ERR_load_crypto_strings(); ERR_load_crypto_strings();
OpenSSL_add_all_digests(); OpenSSL_add_all_digests();
header = image->buf + image->data_dir_sigtable->addr;
buf = (void *)(header + 1); buf = (void *)(header + 1);
p7 = d2i_PKCS7(NULL, &buf, header->size); p7 = d2i_PKCS7(NULL, &buf, header->size);
if (!p7) {
fprintf(stderr, "Unable to parse signature data\n");
ERR_print_errors_fp(stderr);
goto out;
}
idcbio = BIO_new(BIO_s_mem()); idcbio = BIO_new(BIO_s_mem());
idc = IDC_get(p7, idcbio); idc = IDC_get(p7, idcbio);