boot: Check that hash TLV is sufficiently large

Add a check for the size of the TLV entry for the boot record.
Although this is in the protected area, and should be protected by a
signature, check that we don't induce an integer underflow if that entry
is somehow too short.

Signed-off-by: David Brown <david.brown@linaro.org>
diff --git a/boot/bootutil/src/boot_record.c b/boot/bootutil/src/boot_record.c
index 3fb1fcc..cedf1a4 100644
--- a/boot/bootutil/src/boot_record.c
+++ b/boot/bootutil/src/boot_record.c
@@ -196,6 +196,13 @@
return -1;
}
+ /* Ensure that we have enough in the record for the hash. This
+ * prevents an underflow in the calculation below.
+ */
+ if (record_len < sizeof(image_hash)) {
+ return -1;
+ }
+
/* Update the measurement value (hash of the image) data item in the
* boot record. It is always the last item in the structure to make
* it easy to calculate its position.
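Review bot: The bound in `if (record_len < sizeof(image_hash))` still accepts a record of exactly `sizeof(image_hash)` bytes, which puts the hash at offset 0 and leaves no room for the items the following comment says come before it in the structure; consider rejecting that case (`<=`) or comparing against the minimum size of a well-formed record, and state in the comment which bound is intended. Also, if `record_len` is a signed type, comparing it against `sizeof(image_hash)` promotes it to unsigned and a negative length would pass the check, so it is worth confirming the type here.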