[PATCH] ecdsa: Avoid null pointer crash in ecdsa-verify due to absent property

Sean Anderson seanga2 at gmail.com
Thu Feb 22 04:15:15 CET 2024


Hi Bob,

On 2/21/24 19:27, Bob Wolff wrote:
> If mixed rsa and ecdsa keys are specified in
> dtsi, an rsa key can be sent into the ecdsa
> verify. Without the ecdsa,curve property, this
> function will crash due to lack of checking
> the null pointer return.

You can wrap commit messages at 75 characters.

> Signed-off-by: Bob Wolff <bob.wolff68 at gmail.com>
> ---
> 
>   lib/ecdsa/ecdsa-verify.c | 5 +++++
>   1 file changed, 5 insertions(+)
> 
> diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c
> index 0601700c4f..01ffc3477c 100644
> --- a/lib/ecdsa/ecdsa-verify.c
> +++ b/lib/ecdsa/ecdsa-verify.c
> @@ -31,6 +31,11 @@ static int fdt_get_key(struct ecdsa_public_key *key,
> const void *fdt, int node)
>    int x_len, y_len;
> 
>    key->curve_name = fdt_getprop(fdt, node, "ecdsa,curve", NULL);
> + if (!key->curve_name) {
> + printf("Error: ecdsa cannot get 'ecdsa,curve' property from key. Likely
> not an ecdsa key.\n");

This should probably be a debug (like the below message).

> + return -ENOMSG;
> + }
> +

And it looks like something ate your indentation.

--Sean

>    key->size_bits = ecdsa_key_size(key->curve_name);
>    if (key->size_bits == 0) {
>    debug("Unknown ECDSA curve '%s'", key->curve_name);
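Review bot: the added `if (!key->curve_name)` check only catches a missing 'ecdsa,curve' property. Because fdt_getprop() is called with NULL as its last argument, the property length is discarded, so a property that is present but empty or not NUL-terminated still reaches ecdsa_key_size() and the "%s" in the debug() below. Consider passing an int for the length and rejecting a zero-length or unterminated value in the same branch. Two smaller points on the same lines: the commit message describes an RSA key node arriving here as a normal result of mixed keys in the dtsi, so the message fits debug() better than printf(), matching the "Unknown ECDSA curve" path. The string literal is also broken across two lines as posted and the new lines have lost their tab indentation, so the patch will not apply or compile in this form.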
> --
> 2.39.3 (Apple Git-145)


