futility: vb1_helper: Fix sanity size check for parsing kernel partition vbutil_kernel --verify didn't check if the size of the kernel body fit the file it was in. Now it does. BRANCH=None BUG=None TEST=make runtests Signed-off-by: Julius Werner <jwerner@chromium.org> Change-Id: I9cdfd50bd70b72650cdc0fd62bf59a394746ad84 Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2225663 Reviewed-by: Joel Kitching <kitching@chromium.org>

commit: d5a4570063abd5883559f40af9f8f5192a143ee7 [log] [tgz]
author: Julius Werner <jwerner@chromium.org> Mon Jun 01 16:11:10 2020 -0700
committer: Commit Bot <commit-bot@chromium.org> Sat Jun 06 04:40:01 2020 +0000
tree: 954087172fa73a0e53554de5298905017449dcd7
parent: 8467bb3d6ded247b16fc52f7e0d60636a4e16933 [diff]
diff --git a/futility/vb1_helper.c b/futility/vb1_helper.c
index cdc3925..ef497e6 100644
--- a/futility/vb1_helper.c
+++ b/futility/vb1_helper.c

@@ -384,10 +384,12 @@
 	g_kernel_blob_size = preamble->body_signature.data_size;
 
 	/* Sanity check */
-	if (g_kernel_blob_size < preamble->body_signature.data_size)
+	if (kpart_size < now + g_kernel_blob_size) {
 		fprintf(stderr,
-			"Warning: kernel file only has %#x bytes\n",
+			"kernel body size %u exceeds partition end\n",
 			g_kernel_blob_size);
+		return NULL;
+	}
 
 	/* Update the blob pointers */
 	UnpackKernelBlob(g_kernel_blob_data);
commit	d5a4570063abd5883559f40af9f8f5192a143ee7	[log] [tgz]
author	Julius Werner <jwerner@chromium.org>	Mon Jun 01 16:11:10 2020 -0700
committer	Commit Bot <commit-bot@chromium.org>	Sat Jun 06 04:40:01 2020 +0000
tree	954087172fa73a0e53554de5298905017449dcd7
parent	8467bb3d6ded247b16fc52f7e0d60636a4e16933 [diff]