futility: vb1_helper: Fix sanity size check for parsing kernel partition
vbutil_kernel --verify didn't check if the size of the kernel body fit
the file it was in. Now it does.
BRANCH=None
BUG=None
TEST=make runtests
Signed-off-by: Julius Werner <jwerner@chromium.org>
Change-Id: I9cdfd50bd70b72650cdc0fd62bf59a394746ad84
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/platform/vboot_reference/+/2225663
Reviewed-by: Joel Kitching <kitching@chromium.org>
diff --git a/futility/vb1_helper.c b/futility/vb1_helper.c
index cdc3925..ef497e6 100644
--- a/futility/vb1_helper.c
+++ b/futility/vb1_helper.c
@@ -384,10 +384,12 @@
g_kernel_blob_size = preamble->body_signature.data_size;
/* Sanity check */
- if (g_kernel_blob_size < preamble->body_signature.data_size)
+ if (kpart_size < now + g_kernel_blob_size) {
fprintf(stderr,
- "Warning: kernel file only has %#x bytes\n",
+ "kernel body size %u exceeds partition end\n",
g_kernel_blob_size);
+ return NULL;
+ }
/* Update the blob pointers */
UnpackKernelBlob(g_kernel_blob_data);
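Review bot: The new bound `kpart_size < now + g_kernel_blob_size` can be bypassed by wrap-around if `now` and `g_kernel_blob_size` are 32-bit unsigned; the `%u` format suggests the latter is, but the declarations are outside the hunk. In that case a large `body_signature.data_size` read from the file makes the sum wrap to a small value, the check passes, and later code that trusts `g_kernel_blob_size` would presumably read past the end of the partition buffer. Comparing by subtraction avoids the addition: `if (now > kpart_size || g_kernel_blob_size > kpart_size - now) {`. It is also worth confirming that the assignment from `data_size` on the first line of the hunk does not truncate a wider field before the check runs. The enclosing function starts and ends outside the hunk.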