Gitiles
Code Review Sign In
git01.mediatek.com / filogic / atf / e5e03e864e9015acee078cad829451611da75eb1
commite5e03e864e9015acee078cad829451611da75eb1[log] [tgz]
authorDemi Marie Obenour <demiobenour@gmail.com>Sat Jan 28 15:15:37 2023 -0500
committerDemi Marie Obenour <demiobenour@gmail.com>Thu Mar 02 11:48:43 2023 -0500
tree36b84cb272762812acc60a2fb72ce831661bf972
parent43277274ab238bc43eeae7b14a4811745a4bc1b5 [diff]
refactor(auth): use a single function for parsing extensions

Previously, extensions were parsed twice: once with error checking for
validation, and a second time without error checking to extract the
extension data.  This is error prone and caused TFV-10 (CVE-2022-47630).

A simpler approach is to have get_ext() be responsible for all extension
parsing, and to treat a NULL OID as an indicator that get_ext() is only
being called for validation.  cert_parse() checks that get_ext() returns
IMG_PARSER_OK and fails otherwise.

Change-Id: I65a2ff053a188351ba54799827a2b7bd833bb037
Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
1 file changed
tree: 36b84cb272762812acc60a2fb72ce831661bf972
  1. .husky/
  2. bl1/
  3. bl2/
  4. bl2u/
  5. bl31/
  6. bl32/
  7. common/
  8. docs/
  9. drivers/
  10. fdts/
  11. include/
  12. lib/
  13. licenses/
  14. make_helpers/
  15. plat/
  16. services/
  17. tools/
  18. .checkpatch.conf
  19. .commitlintrc.js
  20. .cz.json
  21. .editorconfig
  22. .gitignore
  23. .gitreview
  24. .nvmrc
  25. .readthedocs.yaml
  26. .versionrc.js
  27. changelog.yaml
  28. dco.txt
  29. license.rst
  30. Makefile
  31. package-lock.json
  32. package.json
  33. readme.rst