Message ID | 20231015213206.43542-1-Michael.Glembotzki@iris-sensing.com |
---|---|
State | Accepted |
Delegated to: | Stefano Babic |
Series | [1/2] cpio_utils: Fail on invalid Image IVT length |
On 15.10.23 23:32, Michael Glembotzki wrote:
> An IVT in the sw-description file that is too short would result in an image
> being processed with the default IVT. In the worst case, the file would be
> incorrectly decrypted and still be processed/installed/executed.
>
> Example:
>
>> cat encryption.key
> 69D54287F856D30B51B812FDF714556778CF31E1B104D9C68BD90C669C37D1AB E93DA465B309C53FEC5FF93C9637DA58
>
>> cat pre_post_inst.sh.dec
> #!/bin/sh
>
> echo "UUUUUU"
>
> Encrypt a shell script. Please note the missing last hex character of the IVT: 8
>> openssl enc -aes-256-cbc -in pre_post_inst.sh.dec -out pre_post_inst.sh \
>   -K 69D54287F856D30B51B812FDF714556778CF31E1B104D9C68BD90C669C37D1AB \
>   -iv E93DA465B309C53FEC5FF93C9637DA5
>
> cat sw-description
> software =
> {
>     version = "1.0.0";
>     description = "Too small ivt sent in the sw description file";
>
>     scripts: (
>         {
>             filename = "pre_post_inst.sh";
>             type = "shellscript";
>             sha256 = "c7c2ae0d3e25dd2145f76649c1bfd5ee9c588e1d3bf509f1c4d15fef089f6669";
>             ivt = "E93DA465B309C53FEC5FF93C9637DA5";
>             encrypted = true;
>         },
>     );
> }
>
> Create and install swu:
> [ERROR] : SWUPDATE failed [0] ERROR : /tmp/scripts/pre_post_inst.sh: line 3: syntax error near unexpected token `"UUUUUU"'
> [ERROR] : SWUPDATE failed [0] ERROR : /tmp/scripts/pre_post_inst.sh: line 3: `echo("UUUUUU"'
>
> The space after the echo becomes a bracket.
>
> Signed-off-by: Michael Glembotzki <Michael.Glembotzki@iris-sensing.com>
> ---
> core/cpio_utils.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/core/cpio_utils.c b/core/cpio_utils.c > index 4294083..2e5f19a 100644 > --- a/core/cpio_utils.c > +++ b/core/cpio_utils.c 
> @@ -443,7 +443,7 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby > unsigned int md_len = 0; > unsigned char *aes_key = NULL; > unsigned char *ivt = NULL; > - unsigned char ivtbuf[16]; > + unsigned char ivtbuf[AES_BLK_SIZE]; > > struct InputState input_state = { > .fdin = fdin, > @@ -514,7 +514,11 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby > > if (encrypted) { > aes_key = get_aes_key(); > - if (imgivt && strlen(imgivt) && !ascii_to_bin(ivtbuf, sizeof(ivtbuf), imgivt)) { > + if (imgivt && strlen(imgivt)) { > + if(ascii_to_bin(ivtbuf, sizeof(ivtbuf), imgivt)) { > + ERROR("invalid image ivt length"); > + return -EINVAL; > + } > ivt = ivtbuf; > } else > ivt = get_aes_ivt(); Reviewed-by: Stefano Babic <stefano.babic@swupdate.org> Best regards, Stefano Babic
diff --git a/core/cpio_utils.c b/core/cpio_utils.c index 4294083..2e5f19a 100644 --- a/core/cpio_utils.c +++ b/core/cpio_utils.c @@ -443,7 +443,7 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby unsigned int md_len = 0; unsigned char *aes_key = NULL; unsigned char *ivt = NULL; - unsigned char ivtbuf[16]; + unsigned char ivtbuf[AES_BLK_SIZE]; struct InputState input_state = { .fdin = fdin, @@ -514,7 +514,11 @@ static int __swupdate_copy(int fdin, unsigned char *inbuf, void *out, size_t nby if (encrypted) { aes_key = get_aes_key(); - if (imgivt && strlen(imgivt) && !ascii_to_bin(ivtbuf, sizeof(ivtbuf), imgivt)) { + if (imgivt && strlen(imgivt)) { + if(ascii_to_bin(ivtbuf, sizeof(ivtbuf), imgivt)) { + ERROR("invalid image ivt length"); + return -EINVAL; + } ivt = ivtbuf; } else ivt = get_aes_ivt();
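Review bot: In the second hunk (@@ -514,7 +514,11 @@), the text "invalid image ivt length" is logged for every nonzero return of ascii_to_bin() and does not say which image was rejected; the helper's body is not part of this patch, so if it can fail for a reason other than length the message will mislead whoever reads the log. A neutral wording such as "invalid image ivt", with the image name if one is in scope, would be safer. The new `if(ascii_to_bin(` also lacks the space after `if` that the neighbouring `if (encrypted)` and `if (imgivt && strlen(imgivt))` lines use, and the bare `return -EINVAL;` should be checked against anything the function set up before this point that needs releasing on exit.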
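Why the space after `echo` turned into a bracket, as an added example (not code from the patch or from SWUpdate): in CBC only the first plaintext block depends on the IV, so decrypting with a different IV XORs the difference between the two IVs into that block. It assumes `openssl enc` zero-fills the short `-iv` value and that the default IVT is the second value in `encryption.key`; all function names are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define AES_BLK_SIZE 16 /* AES block size in bytes; name borrowed from the patch */

static int hex_nibble(char c)
{
	if (c >= '0' && c <= '9') return c - '0';
	if (c >= 'a' && c <= 'f') return c - 'a' + 10;
	if (c >= 'A' && c <= 'F') return c - 'A' + 10;
	return -1;
}

/* Lenient parse: missing trailing hex digits become zero nibbles (assumed to
 * mirror how `openssl enc -iv` treats a short value). Returns 0, or -1. */
int iv_from_hex_zero_padded(const char *hex, unsigned char iv[AES_BLK_SIZE])
{
	size_t n = strlen(hex);

	if (n > 2 * AES_BLK_SIZE)
		return -1;
	memset(iv, 0, AES_BLK_SIZE);
	for (size_t i = 0; i < n; i++) {
		int v = hex_nibble(hex[i]);
		if (v < 0)
			return -1;
		iv[i / 2] |= (unsigned char)((i & 1) ? v : v << 4);
	}
	return 0;
}

/* Strict parse: exactly 2 * AES_BLK_SIZE hex digits or failure. Hypothetical
 * stand-in for the check the patch turns into a hard error. */
int iv_from_hex_strict(const char *hex, unsigned char iv[AES_BLK_SIZE])
{
	return strlen(hex) == 2 * AES_BLK_SIZE ? iv_from_hex_zero_padded(hex, iv) : -1;
}

/* CBC: P[0] = D_K(C[0]) XOR IV, so decrypting with iv_dec instead of iv_enc
 * yields P[0] XOR iv_enc XOR iv_dec; blocks after the first are unchanged. */
void cbc_plain_under_wrong_iv(const unsigned char *plain, size_t len,
			      const unsigned char *iv_enc,
			      const unsigned char *iv_dec, unsigned char *out)
{
	memcpy(out, plain, len);
	for (size_t i = 0; i < len && i < AES_BLK_SIZE; i++)
		out[i] ^= iv_enc[i] ^ iv_dec[i];
}
```

Fed the two IV strings and the script from the commit message, the IVs differ only in byte 15 (0x50 against 0x58), which is where the space after `echo` sits, and 0x20 XOR 0x08 is `(`. The padding is in the second block, so the decryption step itself has nothing to complain about.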