SecureStore: Validate internal header size before using its values.

pull/11988/head
Seppo Takalo 2019-11-27 15:55:12 +02:00
parent 7a085b472b
commit 56d67360ef
1 changed files with 8 additions and 1 deletions


@ -530,6 +530,7 @@ int SecureStore::do_get(const char *key, void *buffer, size_t buffer_size, size_
uint8_t *dest_buf;
bool enc_started = false, auth_started = false;
uint32_t create_flags;
size_t read_len;
if (!is_valid_key(key)) {
return MBED_ERROR_INVALID_ARGUMENT;
@ -548,7 +549,7 @@ int SecureStore::do_get(const char *key, void *buffer, size_t buffer_size, size_
}
}
ret = _underlying_kv->get(key, &ih->metadata, sizeof(record_metadata_t));
ret = _underlying_kv->get(key, &ih->metadata, sizeof(record_metadata_t), &read_len);
if (ret) {
// In case we have the key in the RBP KV, then even if the key wasn't found in
// the underlying KV, we may have been exposed to an attack. Return an RBP authentication error.
@ -558,6 +559,12 @@ int SecureStore::do_get(const char *key, void *buffer, size_t buffer_size, size_
goto end;
}
// Validate header size
if ((read_len != sizeof(record_metadata_t)) || (ih->metadata.metadata_size != sizeof(record_metadata_t))) {
ret = MBED_ERROR_RBP_AUTHENTICATION_FAILED;
goto end;
}
create_flags = ih->metadata.create_flags;
if (!_rbp_kv) {
create_flags &= ~REQUIRE_REPLAY_PROTECTION_FLAG;
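Review bot: The new check `if ((read_len != sizeof(record_metadata_t)) || ...` depends on `read_len`, which the first hunk declares without an initialiser, so it only fails closed if every underlying store's `get()` writes the actual size on success. Declaring it as `size_t read_len = 0;` makes a store that leaves it untouched fail the comparison deterministically. The comment `// Validate header size` should also say why the check sits here, for example `// Header is read from the underlying store, which may have been tampered with: reject a short read or an unexpected metadata_size before any field is used.` Only `metadata_size` is bounded at this point. Whether other length fields from the header are consumed before the record is authenticated cannot be judged from this hunk, because do_get() starts and ends outside it.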