TBB: replace assert() with runtime checks in PolarSSL module

Using assert() to check the length of keys and hashes extracted from
a certificate is not a safe approach because assert() is compiled out
of release builds (NDEBUG). An attacker presenting a malformed
certificate could therefore overflow the fixed-size destination
buffers in a release binary.

This patch replaces assert() with runtime checks in the PolarSSL
authentication module, so a malformed certificate cannot cause a
buffer overflow.

Change-Id: I42ba912020595752c806cbd242fe3c74077d993b
diff --git a/common/auth/polarssl/polarssl.c b/common/auth/polarssl/polarssl.c
index 82c8b33..b55a7fc 100644
--- a/common/auth/polarssl/polarssl.c
+++ b/common/auth/polarssl/polarssl.c
@@ -32,7 +32,6 @@
 
 #include <stddef.h>
 
-#include <assert.h>
 #include <auth.h>
 #include <debug.h>
 #include <platform.h>
@@ -267,7 +266,11 @@
 		goto error;
 	}
 
-	assert(sz == SHA256_DER_BYTES);
+	if (sz != SHA256_DER_BYTES) {
+		ERROR("Wrong BL2 hash size: %lu\n", sz);
+		err = 1;
+		goto error;
+	}
 	memcpy(sha_bl2, p, SHA256_DER_BYTES);
 
 error:
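Review bot: The `%lu` conversion on the new ERROR line assumes `sz` is an unsigned long; its declaration is outside the hunk, and if it is a `size_t` (which is what the PolarSSL ASN.1 length helpers produce) the match only holds on LP64 targets. An explicit cast documents the intent and keeps the format correct if the type ever changes: `ERROR("Wrong BL2 hash size: %lu\n", (unsigned long)sz);`. The enclosing function starts before this hunk.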
@@ -324,7 +327,11 @@
 		goto error;
 	}
 
-	assert(tz_world_pk_len <= RSA_PUB_DER_MAX_BYTES);
+	if (tz_world_pk_len > RSA_PUB_DER_MAX_BYTES) {
+		ERROR("Wrong RSA key size: %lu\n", tz_world_pk_len);
+		err = 1;
+		goto error;
+	}
 	memcpy(tz_world_pk, p, tz_world_pk_len);
 
 	/* Extract Non-Trusted World key from extensions */
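Review bot: The new check on `tz_world_pk_len` bounds the length only from above, so a certificate carrying a zero-length key object passes it and a 0-byte key is stored in `tz_world_pk`. Whether a later consumer rejects an empty key is not visible here; if no minimum DER size is enforced downstream, rejecting it at this point gives a clearer failure: `if (tz_world_pk_len == 0 || tz_world_pk_len > RSA_PUB_DER_MAX_BYTES) {`. The enclosing function starts before this hunk.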
@@ -335,7 +342,11 @@
 		goto error;
 	}
 
-	assert(tz_world_pk_len <= RSA_PUB_DER_MAX_BYTES);
+	if (ntz_world_pk_len > RSA_PUB_DER_MAX_BYTES) {
+		ERROR("Wrong RSA key size: %lu\n", ntz_world_pk_len);
+		err = 1;
+		goto error;
+	}
 	memcpy(ntz_world_pk, p, ntz_world_pk_len);
 
 error:
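Review bot: The check-then-memcpy sequence added here is the fourth copy of the same pattern in this file, and the removed line shows how easily the check and the copy end up on different variables; a small helper taking the destination capacity, the length and a label would make that slip impossible and would also give each failure a distinct log line instead of three identical `Wrong RSA key size` messages. The call site would become `err = copy_der_bounded(ntz_world_pk, RSA_PUB_DER_MAX_BYTES, p, ntz_world_pk_len, "Non-Trusted World key"); if (err) goto error;`. The enclosing function starts before this hunk; the helper below would sit at file scope above it.
```c
/* Copy a DER object into a fixed-size buffer, rejecting over-long input. */
static int copy_der_bounded(void *dst, size_t dst_max, const void *src,
			    size_t len, const char *what)
{
	if (len > dst_max) {
		ERROR("Wrong %s size: %lu\n", what, (unsigned long)len);
		return 1;
	}
	memcpy(dst, src, len);
	return 0;
}
```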
@@ -392,7 +403,11 @@
 		goto error;
 	}
 
-	assert(sz <= RSA_PUB_DER_MAX_BYTES);
+	if (sz > RSA_PUB_DER_MAX_BYTES) {
+		ERROR("Wrong RSA key size: %lu\n", sz);
+		err = 1;
+		goto error;
+	}
 	memcpy(s_key, p, sz);
 	*s_key_len = sz;
 
@@ -446,7 +461,11 @@
 		goto error;
 	}
 
-	assert(sz == SHA256_DER_BYTES);
+	if (sz != SHA256_DER_BYTES) {
+		ERROR("Wrong image hash length: %lu\n", sz);
+		err = 1;
+		goto error;
+	}
 	memcpy(sha, p, SHA256_DER_BYTES);
 
 error:
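Review bot: The new message says `hash length` where the equivalent check earlier in this file says `hash size`, a wording inconsistency worth removing while these lines are touched; `ERROR("Wrong image hash size: %lu\n", sz);` matches the BL2 variant. If `sz` is a `size_t` rather than an unsigned long, the `%lu` conversion also deserves an explicit `(unsigned long)` cast. The enclosing function starts before this hunk.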