pvmfw: avb: Improve access to signed kernel footer

Check that the computed offset is actually a valid index into the slice.

Introduce a helper to get the footer offset, for re-use.

Test: m libpvmfw_avb.integration_test
Change-Id: I20040eb3e2254e9938a31c793ecae481e35b4ad5
diff --git a/pvmfw/avb/tests/utils.rs b/pvmfw/avb/tests/utils.rs
index cf37fcf..e989579 100644
--- a/pvmfw/avb/tests/utils.rs
+++ b/pvmfw/avb/tests/utils.rs
@@ -72,8 +72,14 @@
     Ok(fs::read(PUBLIC_KEY_RSA4096_PATH)?)
 }
 
+pub fn get_avb_footer_offset(signed_kernel: &[u8]) -> Result<usize> {
+    let offset = signed_kernel.len().checked_sub(size_of::<AvbFooter>());
+
+    offset.ok_or_else(|| anyhow!("Kernel too small to be AVB-signed"))
+}
+
 pub fn extract_avb_footer(kernel: &[u8]) -> Result<AvbFooter> {
-    let footer_start = kernel.len() - size_of::<AvbFooter>();
+    let footer_start = get_avb_footer_offset(kernel)?;
     // SAFETY: The slice is the same size as the struct which only contains simple data types.
     let mut footer = unsafe {
         transmute::<[u8; size_of::<AvbFooter>()], AvbFooter>(kernel[footer_start..].try_into()?)
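Review bot: The new public helper `get_avb_footer_offset` has no doc comment, and its contract is narrower than its name suggests: it only establishes that `signed_kernel.len() >= size_of::<AvbFooter>()`, not that an AVB footer is actually present at the returned offset. I would add `/// Returns the offset at which an AvbFooter-sized trailer would start; does not check that the trailing bytes form a valid footer.` so that callers indexing or patching the image with this offset do not treat it as validated. The error could also report both sizes, e.g. `anyhow!("Kernel too small to be AVB-signed: {} < {}", signed_kernel.len(), size_of::<AvbFooter>())`, which makes a failing test easier to diagnose. `extract_avb_footer` continues past the end of the hunk, so whether the transmuted footer is validated afterwards is not visible here.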