[PATCH] Check curve_name for null to avoid crash
Sean Anderson
seanga2 at gmail.com
Fri Feb 23 02:24:20 CET 2024
On 2/22/24 17:18, Bob Wolff wrote:
> If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent
> into the ecdsa verify. Without the ecdsa,curve property, this function will
> crash due to lack of checking the null pointer return.
nit: there should be a blank line here
> Signed-off-by: Bob Wolff <bob.wolff68 at gmail.com>
> ---
>
> lib/ecdsa/ecdsa-verify.c | 5 +++++
> 1 file changed, 5 insertions(+)
>
> diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c
> index 0601700c4f..4d1835b598 100644
> --- a/lib/ecdsa/ecdsa-verify.c
> +++ b/lib/ecdsa/ecdsa-verify.c
> @@ -31,6 +31,11 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node)
> int x_len, y_len;
>
> key->curve_name = fdt_getprop(fdt, node, "ecdsa,curve", NULL);
> + if (!key->curve_name) {
> + debug("Error: ecdsa cannot get 'ecdsa,curve' property from key. Likely not an ecdsa key.\n");
> + return -ENOMSG;
> + }
> +
> key->size_bits = ecdsa_key_size(key->curve_name);
> if (key->size_bits == 0) {
> debug("Unknown ECDSA curve '%s'", key->curve_name);
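Review bot: The debug() string in the new `if (!key->curve_name)` block is a single source line well past 80 columns and carries an "Error:" prefix that the neighbouring "Unknown ECDSA curve '%s'" message does not use. Consider shortening it to something like "ECDSA: missing 'ecdsa,curve' property\n". The reason a key node can legitimately lack this property (mixed RSA and ECDSA keys in the dtsi) is given only in the commit message, so a one-line comment above the check would keep that context in the code. It is also worth confirming that -ENOMSG matches the error returned by the `key->size_bits == 0` branch just below, whose return statement is outside this hunk.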
Reviewed-by: Sean Anderson <seanga2 at gmail.com>