Message ID | 20200526090103.6489-2-sde@unmatched.eu |
---|---|
State | Changes Requested |
On 26.05.20 11:01, Stijn Devriendt wrote: > This also shows that the ivt buffer in copyfile was incorrectly sized. > --- > core/cpio_utils.c | 4 ++-- > core/util.c | 23 +++++++++++++---------- > include/util.h | 2 +- > 3 files changed, 16 insertions(+), 13 deletions(-) > > diff --git a/core/cpio_utils.c b/core/cpio_utils.c > index da84057..9afb699 100644 > --- a/core/cpio_utils.c > +++ b/core/cpio_utils.c > @@ -389,7 +389,7 @@ int copyfile(int fdin, void *out, unsigned int nbytes, unsigned long *offs, unsi > unsigned int md_len = 0; > unsigned char *aes_key = NULL; > unsigned char *ivt = NULL; > - unsigned char ivtbuf[32]; > + unsigned char ivtbuf[16]; > > struct InputState input_state = { > .fdin = fdin, > @@ -449,7 +449,7 @@ int copyfile(int fdin, void *out, unsigned int nbytes, unsigned long *offs, unsi > > if (encrypted) { > aes_key = get_aes_key(); > - if (imgivt && strlen(imgivt) && !ascii_to_bin(ivtbuf, imgivt, sizeof(ivtbuf))) { > + if (imgivt && strlen(imgivt) && !ascii_to_bin(ivtbuf, sizeof(ivtbuf), imgivt)) { > ivt = ivtbuf; > } else > ivt = get_aes_ivt(); > diff --git a/core/util.c b/core/util.c > index bd7ef6e..88dd8ac 100644 > --- a/core/util.c > +++ b/core/util.c 
> @@ -54,24 +54,27 @@ static char* TMPDIRSCRIPT = NULL; > * Convert a hash as hexa string into a sequence of bytes > * hash must be an array of 32 bytes as specified by SHA256 > */ > -int ascii_to_bin(unsigned char *dest, const char *src, size_t srclen) > +int ascii_to_bin(unsigned char *dest, size_t dstlen, const char *src) > { > unsigned int i; > unsigned int val; > + size_t srclen; > > if (src == NULL) { > return 0; > } > > + srclen = strlen(src); > + > if (srclen % 2) > return -EINVAL; > - if (strlen(src) == srclen) { > - for (i = 0; i < srclen; i+= 2) { > - val = from_ascii(&src[i], 2, LG_16); > - dest[i / 2] = val; > + if (srclen == 2 * dstlen) { > + for (i = 0; i < dstlen; i++) { > + val = from_ascii(&src[i*2], 2, LG_16); > + dest[i] = val; > } > } else > - return -1; > + return -EINVAL; > > return 0; > } > @@ -463,7 +466,7 @@ from_ascii (char const *where, size_t digs, unsigned logbase) > > int ascii_to_hash(unsigned char *hash, const char *s) > { > - return ascii_to_bin(hash, s, 64); > + return ascii_to_bin(hash, SHA256_HASH_LENGTH, s); > } > > void hash_to_ascii(const unsigned char *hash, char *str) > @@ -572,8 +575,8 @@ int set_aes_key(const char *key, const char *ivt) > return -ENOMEM; > } > > - ret = ascii_to_bin(aes_key->key, key, sizeof(aes_key->key) * 2) | > - ascii_to_bin(aes_key->ivt, ivt, sizeof(aes_key->ivt) * 2); > + ret = ascii_to_bin(aes_key->key, sizeof(aes_key->key), key) | > + ascii_to_bin(aes_key->ivt, sizeof(aes_key->ivt), ivt); > > if (ret) { > return -EINVAL; > @@ -589,7 +592,7 @@ int set_aes_ivt(const char *ivt) > if (!aes_key) > return -EFAULT; > > - ret = ascii_to_bin(aes_key->ivt, ivt, sizeof(aes_key->ivt) * 2); > + ret = ascii_to_bin(aes_key->ivt, sizeof(aes_key->ivt), ivt); > > if (ret) { > return -EINVAL; > diff --git a/include/util.h b/include/util.h > index 68df96a..2f83c8a 100644 > --- a/include/util.h > +++ b/include/util.h 
> @@ -140,7 +140,7 @@ typedef void (*notifier) (RECOVERY_STATUS status, int error, int level, const ch > uintmax_t > from_ascii (char const *where, size_t digs, unsigned logbase); > int ascii_to_hash(unsigned char *hash, const char *s); > -int ascii_to_bin(unsigned char *dest, const char *src, size_t srclen); > +int ascii_to_bin(unsigned char *dest, size_t dstlen, const char *src); > void hash_to_ascii(const unsigned char *hash, char *s); > int IsValidHash(const unsigned char *hash); > > Agree, this is more consistent. I will test myself, too. Acked-by: Stefano Babic <sbabic@denx.de> Best regards, Stefano Babic
diff --git a/core/cpio_utils.c b/core/cpio_utils.c
index da84057..9afb699 100644
--- a/core/cpio_utils.c
+++ b/core/cpio_utils.c
@@ -389,7 +389,7 @@ int copyfile(int fdin, void *out, unsigned int nbytes, unsigned long *offs, unsi
 unsigned int md_len = 0;
 unsigned char *aes_key = NULL;
 unsigned char *ivt = NULL;
- unsigned char ivtbuf[32];
+ unsigned char ivtbuf[16];
 
 struct InputState input_state = {
 .fdin = fdin,
@@ -449,7 +449,7 @@ int copyfile(int fdin, void *out, unsigned int nbytes, unsigned long *offs, unsi
 
 if (encrypted) {
 aes_key = get_aes_key();
- if (imgivt && strlen(imgivt) && !ascii_to_bin(ivtbuf, imgivt, sizeof(ivtbuf))) {
+ if (imgivt && strlen(imgivt) && !ascii_to_bin(ivtbuf, sizeof(ivtbuf), imgivt)) {
 ivt = ivtbuf;
 } else
 ivt = get_aes_ivt();
diff --git a/core/util.c b/core/util.c
index bd7ef6e..88dd8ac 100644
--- a/core/util.c
+++ b/core/util.c
@@ -54,24 +54,27 @@ static char* TMPDIRSCRIPT = NULL;
 * Convert a hash as hexa string into a sequence of bytes
 * hash must be an array of 32 bytes as specified by SHA256
 */
-int ascii_to_bin(unsigned char *dest, const char *src, size_t srclen)
+int ascii_to_bin(unsigned char *dest, size_t dstlen, const char *src)
 {
 unsigned int i;
 unsigned int val;
+ size_t srclen;
 
 if (src == NULL) {
 return 0;
 }
 
+ srclen = strlen(src);
+
 if (srclen % 2)
 return -EINVAL;
- if (strlen(src) == srclen) {
- for (i = 0; i < srclen; i+= 2) {
- val = from_ascii(&src[i], 2, LG_16);
- dest[i / 2] = val;
+ if (srclen == 2 * dstlen) {
+ for (i = 0; i < dstlen; i++) {
+ val = from_ascii(&src[i*2], 2, LG_16);
+ dest[i] = val;
 }
 } else
- return -1;
+ return -EINVAL;
 
 return 0;
 }
@@ -463,7 +466,7 @@ from_ascii (char const *where, size_t digs, unsigned logbase)
 
 int ascii_to_hash(unsigned char *hash, const char *s)
 {
- return ascii_to_bin(hash, s, 64);
+ return ascii_to_bin(hash, SHA256_HASH_LENGTH, s);
 }
 
 void hash_to_ascii(const unsigned char *hash, char *str)
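Review bot: In the second copyfile hunk, a non-empty `imgivt` that ascii_to_bin rejects (wrong length, for instance) drops into the `else` branch and decryption proceeds with `get_aes_ivt()`, so a malformed per-image IV is indistinguishable from none being supplied. Splitting the condition would let the malformed case fail closed: keep the fallback only for `!imgivt || !strlen(imgivt)`, and log and return an error when the conversion of a supplied IV fails. The literal `16` in `ivtbuf[16]` in the first hunk would also be safer as a named constant or tied to the size of the IV field it mirrors, since ascii_to_bin now derives the accepted string length from `sizeof(ivtbuf)`. copyfile continues outside both hunks, so its error-return convention should be confirmed there.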
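Review bot: The conversion loop in ascii_to_bin stores whatever from_ascii returns into `dest[i]` without checking that both characters are hex digits. How from_ascii signals a bad digit is not visible in this hunk, so a malformed key, IV or hash string of the right length may be accepted as valid bytes. A guard inside the loop such as `if (!isxdigit((unsigned char)src[i*2]) || !isxdigit((unsigned char)src[i*2 + 1])) return -EINVAL;` would close that, assuming `<ctype.h>` is available in this file. The `src == NULL` path still returns 0 while leaving `dest` unwritten, which callers then read as success. The comment above the function still says the destination "must be an array of 32 bytes", which no longer holds now that the size comes from `dstlen`.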
@@ -572,8 +575,8 @@ int set_aes_key(const char *key, const char *ivt)
 return -ENOMEM;
 }
 
- ret = ascii_to_bin(aes_key->key, key, sizeof(aes_key->key) * 2) |
- ascii_to_bin(aes_key->ivt, ivt, sizeof(aes_key->ivt) * 2);
+ ret = ascii_to_bin(aes_key->key, sizeof(aes_key->key), key) |
+ ascii_to_bin(aes_key->ivt, sizeof(aes_key->ivt), ivt);
 
 if (ret) {
 return -EINVAL;
@@ -589,7 +592,7 @@ int set_aes_ivt(const char *ivt)
 if (!aes_key)
 return -EFAULT;
 
- ret = ascii_to_bin(aes_key->ivt, ivt, sizeof(aes_key->ivt) * 2);
+ ret = ascii_to_bin(aes_key->ivt, sizeof(aes_key->ivt), ivt);
 
 if (ret) {
 return -EINVAL;
diff --git a/include/util.h b/include/util.h
index 68df96a..2f83c8a 100644
--- a/include/util.h
+++ b/include/util.h
@@ -140,7 +140,7 @@ typedef void (*notifier) (RECOVERY_STATUS status, int error, int level, const ch
 uintmax_t
 from_ascii (char const *where, size_t digs, unsigned logbase);
 int ascii_to_hash(unsigned char *hash, const char *s);
-int ascii_to_bin(unsigned char *dest, const char *src, size_t srclen);
+int ascii_to_bin(unsigned char *dest, size_t dstlen, const char *src);
 void hash_to_ascii(const unsigned char *hash, char *s);
 int IsValidHash(const unsigned char *hash);
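Review bot: A NULL `key` or `ivt` passed to set_aes_key yields `ret == 0`, because ascii_to_bin returns 0 for a NULL `src` (see the util.c hunk at -54), so the function would report success with that buffer never written. Unless a check earlier in the function, outside this hunk, already rejects NULL, add `if (!key || !ivt) return -EINVAL;` before the conversion. The same applies to `ivt` in set_aes_ivt in the next hunk. Since these buffers hold key material, a short comment stating that the strings must be exactly `2 * sizeof(field)` hex digits would also help callers.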
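Review bot: The reordered ascii_to_bin prototype in util.h only swaps a `size_t` and a `const char *`, so a caller missed by this patch (or an out-of-tree one) using the old `(dest, src, srclen)` order can still build on compilers that treat int/pointer conversion as a warning. Such a caller would then pass a length where a string pointer is expected. Whether such callers exist is not visible here. Renaming the function along with the reorder, or building with that warning as an error, would turn it into a hard failure. The prototype also has no contract comment; something like `/* writes dstlen bytes to dest; src must be exactly 2*dstlen hex digits, otherwise -EINVAL */` would document the new semantics.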