vboot2: Fix potential null pointer dereference
If key is null in vb2_verify_digest(), we could attempt to dereference
it. In practice it never is, but for safety's sake we should avoid
the reference.
BUG=chrome-os-partner:32235
BRANCH=none
TEST=VBOOT2=1 make runtests
Change-Id: I5a817e432922ea4c3b439b696cd2f8d988d0fecc
Signed-off-by: Randall Spangler <rspangler@chromium.org>
Reviewed-on: https://chromium-review.googlesource.com/219574
Reviewed-by: Bill Richardson <wfrichar@chromium.org>
diff --git a/firmware/2lib/2rsa.c b/firmware/2lib/2rsa.c
index cc39b1d..47ef179 100644
--- a/firmware/2lib/2rsa.c
+++ b/firmware/2lib/2rsa.c
@@ -313,7 +313,7 @@
{
struct vb2_workbuf wblocal = *wb;
uint32_t *workbuf32;
- uint32_t key_bytes = key->arrsize * sizeof(uint32_t);
+ uint32_t key_bytes;
int pad_size;
int rv;
@@ -326,6 +326,7 @@
}
/* Signature length should be same as key length */
+ key_bytes = key->arrsize * sizeof(uint32_t);
if (key_bytes != vb2_rsa_sig_size(key->algorithm)) {
VB2_DEBUG("Signature is of incorrect length!\n");
return VB2_ERROR_RSA_VERIFY_SIG_LEN;