From a5747f1ab3ec3d3876b73c08501a1e52404733f0 Mon Sep 17 00:00:00 2001
From: "Carsten Haitzler (Rasterman)" <raster@rasterman.com>
Date: Wed, 7 Oct 2015 17:24:20 +0900
Subject: [PATCH] eet - be robust about garbage at the end that looks like an
 idenity

if there is an identity signaure at the end, ONLY check it if it looks
like a real one (correct magic number, cert and sig size fields are
sane etc.). this means eet opens dont fail for files that may have
trailing garbage or padding that is not an eet identity signature.
---
 src/lib/eet/Eet_private.h |  2 ++
 src/lib/eet/eet_cipher.c  |  2 --
 src/lib/eet/eet_lib.c     | 40 ++++++++++++++++++++++++++++-----------
 3 files changed, 31 insertions(+), 13 deletions(-)

diff --git a/src/lib/eet/Eet_private.h b/src/lib/eet/Eet_private.h
index b487cf82f5..c2e6702cac 100644
--- a/src/lib/eet/Eet_private.h
+++ b/src/lib/eet/Eet_private.h
@@ -334,4 +334,6 @@ void eet_mempool_shutdown(void);
 # define EET_ASSERT(Test, Do) if (Test == 0) {abort(); }
 #endif /* ifdef DNDEBUG */
 
+#define EET_MAGIC_SIGN 0x1ee74271
+
 #endif /* ifndef _EET_PRIVATE_H */
diff --git a/src/lib/eet/eet_cipher.c b/src/lib/eet/eet_cipher.c
index 65a8635929..6ccb9cc48c 100644
--- a/src/lib/eet/eet_cipher.c
+++ b/src/lib/eet/eet_cipher.c
@@ -51,8 +51,6 @@
 #include "Eet.h"
 #include "Eet_private.h"
 
-#define EET_MAGIC_SIGN 0x1ee74271
-
 #ifdef HAVE_GNUTLS
 # define MAX_KEY_LEN   32
 # define MAX_IV_LEN    16
diff --git a/src/lib/eet/eet_lib.c b/src/lib/eet/eet_lib.c
index 367c7409fd..11d07069b6 100644
--- a/src/lib/eet/eet_lib.c
+++ b/src/lib/eet/eet_lib.c
@@ -982,18 +982,36 @@ eet_internal_read2(Eet_File *ef)
 #ifdef HAVE_SIGNATURE
         const unsigned char *buffer = ((const unsigned char *)ef->data) +
           signature_base_offset;
-        ef->x509_der = eet_identity_check(ef->data,
-                                          signature_base_offset,
-                                          &ef->sha1,
-                                          &ef->sha1_length,
-                                          buffer,
-                                          ef->data_size - signature_base_offset,
-                                          &ef->signature,
-                                          &ef->signature_length,
-                                          &ef->x509_length);
+        unsigned long int sig_size = ef->data_size - signature_base_offset;
 
-        if (eet_test_close(!ef->x509_der, ef))
-          return NULL;
+        /* check that the signature is a sane size to bother even checking */
+        if (sig_size >= (3 * sizeof(int)))
+          {
+             int head[3];
+
+             /* check the signature has the magic number and sig + cert len
+              * + magic is sane */
+             memcpy(head, buffer, 3 * sizeof(int));
+             head[0] = ntohl(head[0]);
+             head[1] = ntohl(head[1]);
+             head[2] = ntohl(head[2]);
+             if ((head[0] == EET_MAGIC_SIGN) && (head[1] > 0) && (head[2] > 0))
+               {
+                  /* there appears to be an actual valid identity at the end
+                   * so now actually check it */
+                  ef->x509_der = eet_identity_check(ef->data,
+                                                    signature_base_offset,
+                                                    &ef->sha1,
+                                                    &ef->sha1_length,
+                                                    buffer,
+                                                    sig_size,
+                                                    &ef->signature,
+                                                    &ef->signature_length,
+                                                    &ef->x509_length);
+
+                  if (eet_test_close(!ef->x509_der, ef)) return NULL;
+               }
+          }
 
 #else /* ifdef HAVE_SIGNATURE */
         ERR(