cedric pushed a commit to branch master.
http://git.enlightenment.org/core/efl.git/commit/?id=9fa4a5fb6dc5b616e67a6b47042b62c9dfcab167
commit 9fa4a5fb6dc5b616e67a6b47042b62c9dfcab167
Author: Jiwon Kim <jwkim0...@gmail.com>
Date: Tue Feb 7 15:06:01 2017 -0800
eet: read sould be failed if cipher_key exist but file not ciphered
Summary:
Currentely, if eet_read_cipher()'s cipher_key param is exist but file
not ciphered, function always read and return successful result.
But, this behavior can not check data integrity.
e.g.
1. App create config file using eet with encryption key.
2. Attacker replace config to malicious config (not encryted).
3. App can not notice if eet_read_cipher() read that successfully.
@fix
Test Plan:
$eet -e test.cfg my_config test.src 1
$eet -d test.cfg my_config decode_res.txt my_encrytion_key
(Currentely decode success, but should be failed)
Reviewers: woohyun, raster
Subscribers: id213sin, akanad, cedric, jpeg
Differential Revision: https://phab.enlightenment.org/D4563
Signed-off-by: Cedric BAIL <ced...@osg.samsung.com>
---
src/lib/eet/eet_lib.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/lib/eet/eet_lib.c b/src/lib/eet/eet_lib.c
index d2c95c2..2930b0f 100644
--- a/src/lib/eet/eet_lib.c
+++ b/src/lib/eet/eet_lib.c
@@ -1928,6 +1928,10 @@ eet_read_cipher(Eet_File *ef,
if (!efn)
goto on_error;
+ /* Requested decryption but file not encrypted -> integrity violation */
+ if (!efn->ciphered && cipher_key)
+ goto on_error;
+
/* Get a binbuf attached to this efn */
in = read_binbuf_from_disk(ef, efn);
if (!in) goto on_error;
--
