eet - be robust about garbage at the end that looks like an idenity

if there is an identity signaure at the end, ONLY check it if it looks like a real one (correct magic number, cert and sig size fields are sane etc.). this means eet opens dont fail for files that may have trailing garbage or padding that is not an eet identity signature.
2015-10-07 17:24:20 +09:00 · 2015-10-07 17:24:20 +09:00 · a5747f1ab3
parent 44af3cb718
commit a5747f1ab3
3 changed files with 31 additions and 13 deletions
--- a/src/lib/eet/Eet_private.h
+++ b/src/lib/eet/Eet_private.h
@ -334,4 +334,6 @@ void eet_mempool_shutdown(void);
 # define EET_ASSERT(Test, Do) if (Test == 0) {abort(); }
 #endif /* ifdef DNDEBUG */

+#define EET_MAGIC_SIGN 0x1ee74271
+
 #endif /* ifndef _EET_PRIVATE_H */
--- a/src/lib/eet/eet_cipher.c
+++ b/src/lib/eet/eet_cipher.c
@ -51,8 +51,6 @@
 #include "Eet.h"
 #include "Eet_private.h"

-#define EET_MAGIC_SIGN 0x1ee74271
-
 #ifdef HAVE_GNUTLS
 # define MAX_KEY_LEN   32
 # define MAX_IV_LEN    16
--- a/src/lib/eet/eet_lib.c
+++ b/src/lib/eet/eet_lib.c
@ -982,18 +982,36 @@ eet_internal_read2(Eet_File *ef)
 #ifdef HAVE_SIGNATURE
        const unsigned char *buffer = ((const unsigned char *)ef->data) +
          signature_base_offset;
-        ef->x509_der = eet_identity_check(ef->data,
-                                          signature_base_offset,
-                                          &ef->sha1,
-                                          &ef->sha1_length,
-                                          buffer,
-                                          ef->data_size - signature_base_offset,
-                                          &ef->signature,
-                                          &ef->signature_length,
-                                          &ef->x509_length);
+        unsigned long int sig_size = ef->data_size - signature_base_offset;

-        if (eet_test_close(!ef->x509_der, ef))
-          return NULL;
+        /* check that the signature is a sane size to bother even checking */
+        if (sig_size >= (3 * sizeof(int)))
+          {
+             int head[3];
+
+             /* check the signature has the magic number and sig + cert len
+              * + magic is sane */
+             memcpy(head, buffer, 3 * sizeof(int));
+             head[0] = ntohl(head[0]);
+             head[1] = ntohl(head[1]);
+             head[2] = ntohl(head[2]);
+             if ((head[0] == EET_MAGIC_SIGN) && (head[1] > 0) && (head[2] > 0))
+               {
+                  /* there appears to be an actual valid identity at the end
+                   * so now actually check it */
+                  ef->x509_der = eet_identity_check(ef->data,
+                                                    signature_base_offset,
+                                                    &ef->sha1,
+                                                    &ef->sha1_length,
+                                                    buffer,
+                                                    sig_size,
+                                                    &ef->signature,
+                                                    &ef->signature_length,
+                                                    &ef->x509_length);
+
+                  if (eet_test_close(!ef->x509_der, ef)) return NULL;
+               }
+          }

 #else /* ifdef HAVE_SIGNATURE */
        ERR(