raster pushed a commit to branch master. http://git.enlightenment.org/core/efl.git/commit/?id=a5747f1ab3ec3d3876b73c08501a1e52404733f0
commit a5747f1ab3ec3d3876b73c08501a1e52404733f0 Author: Carsten Haitzler (Rasterman) <ras...@rasterman.com> Date: Wed Oct 7 17:24:20 2015 +0900 eet - be robust about garbage at the end that looks like an idenity if there is an identity signaure at the end, ONLY check it if it looks like a real one (correct magic number, cert and sig size fields are sane etc.). this means eet opens dont fail for files that may have trailing garbage or padding that is not an eet identity signature. --- src/lib/eet/Eet_private.h | 2 ++ src/lib/eet/eet_cipher.c | 2 -- src/lib/eet/eet_lib.c | 42 ++++++++++++++++++++++++++++++------------ 3 files changed, 32 insertions(+), 14 deletions(-) diff --git a/src/lib/eet/Eet_private.h b/src/lib/eet/Eet_private.h index b487cf8..c2e6702 100644 --- a/src/lib/eet/Eet_private.h +++ b/src/lib/eet/Eet_private.h @@ -334,4 +334,6 @@ void eet_mempool_shutdown(void); # define EET_ASSERT(Test, Do) if (Test == 0) {abort(); } #endif /* ifdef DNDEBUG */ +#define EET_MAGIC_SIGN 0x1ee74271 + #endif /* ifndef _EET_PRIVATE_H */ diff --git a/src/lib/eet/eet_cipher.c b/src/lib/eet/eet_cipher.c index 65a8635..6ccb9cc 100644 --- a/src/lib/eet/eet_cipher.c +++ b/src/lib/eet/eet_cipher.c @@ -51,8 +51,6 @@ #include "Eet.h" #include "Eet_private.h" -#define EET_MAGIC_SIGN 0x1ee74271 - #ifdef HAVE_GNUTLS # define MAX_KEY_LEN 32 # define MAX_IV_LEN 16 diff --git a/src/lib/eet/eet_lib.c b/src/lib/eet/eet_lib.c index 367c740..11d0706 100644 --- a/src/lib/eet/eet_lib.c +++ b/src/lib/eet/eet_lib.c @@ -982,18 +982,36 @@ eet_internal_read2(Eet_File *ef) #ifdef HAVE_SIGNATURE const unsigned char *buffer = ((const unsigned char *)ef->data) + signature_base_offset; - ef->x509_der = eet_identity_check(ef->data, - signature_base_offset, - &ef->sha1, - &ef->sha1_length, - buffer, - ef->data_size - signature_base_offset, - &ef->signature, - &ef->signature_length, - &ef->x509_length); - - if (eet_test_close(!ef->x509_der, ef)) - return NULL; + unsigned long int sig_size = ef->data_size - signature_base_offset; + + /* check that the signature is a sane size to bother even checking */ + if (sig_size >= (3 * sizeof(int))) + { + int head[3]; + + /* check the signature has the magic number and sig + cert len + * + magic is sane */ + memcpy(head, buffer, 3 * sizeof(int)); + head[0] = ntohl(head[0]); + head[1] = ntohl(head[1]); + head[2] = ntohl(head[2]); + if ((head[0] == EET_MAGIC_SIGN) && (head[1] > 0) && (head[2] > 0)) + { + /* there appears to be an actual valid identity at the end + * so now actually check it */ + ef->x509_der = eet_identity_check(ef->data, + signature_base_offset, + &ef->sha1, + &ef->sha1_length, + buffer, + sig_size, + &ef->signature, + &ef->signature_length, + &ef->x509_length); + + if (eet_test_close(!ef->x509_der, ef)) return NULL; + } + } #else /* ifdef HAVE_SIGNATURE */ ERR( --