eet - be robust about garbage at the end that looks like an idenity

if there is an identity signaure at the end, ONLY check it if it looks
like a real one (correct magic number, cert and sig size fields are
sane etc.). this means eet opens dont fail for files that may have
trailing garbage or padding that is not an eet identity signature.

diff --git a/src/lib/eet/Eet_private.h b/src/lib/eet/Eet_private.h
index b487cf8..c2e6702 100644 (file)
--- a/src/lib/eet/Eet_private.h
+++ b/src/lib/eet/Eet_private.h
@@ -334,4 +334,6 @@ void eet_mempool_shutdown(void);
 # define EET_ASSERT(Test, Do) if (Test == 0) {abort(); }
 #endif /* ifdef DNDEBUG */
 
+#define EET_MAGIC_SIGN 0x1ee74271
+
 #endif /* ifndef _EET_PRIVATE_H */

diff --git a/src/lib/eet/eet_cipher.c b/src/lib/eet/eet_cipher.c
index 65a8635..6ccb9cc 100644 (file)
--- a/src/lib/eet/eet_cipher.c
+++ b/src/lib/eet/eet_cipher.c
@@ -51,8 +51,6 @@
 #include "Eet.h"
 #include "Eet_private.h"
 
-#define EET_MAGIC_SIGN 0x1ee74271
-
 #ifdef HAVE_GNUTLS
 # define MAX_KEY_LEN   32
 # define MAX_IV_LEN    16

diff --git a/src/lib/eet/eet_lib.c b/src/lib/eet/eet_lib.c
index 367c740..11d0706 100644 (file)
--- a/src/lib/eet/eet_lib.c
+++ b/src/lib/eet/eet_lib.c
@@ -982,18 +982,36 @@ eet_internal_read2(Eet_File *ef)
 #ifdef HAVE_SIGNATURE
         const unsigned char *buffer = ((const unsigned char *)ef->data) +
           signature_base_offset;
-        ef->x509_der = eet_identity_check(ef->data,
-                                          signature_base_offset,
-                                          &ef->sha1,
-                                          &ef->sha1_length,
-                                          buffer,
-                                          ef->data_size - signature_base_offset,
-                                          &ef->signature,
-                                          &ef->signature_length,
-                                          &ef->x509_length);
-
-        if (eet_test_close(!ef->x509_der, ef))
-          return NULL;
+        unsigned long int sig_size = ef->data_size - signature_base_offset;
+
+        /* check that the signature is a sane size to bother even checking */
+        if (sig_size >= (3 * sizeof(int)))
+          {
+             int head[3];
+
+             /* check the signature has the magic number and sig + cert len
+              * + magic is sane */
+             memcpy(head, buffer, 3 * sizeof(int));
+             head[0] = ntohl(head[0]);
+             head[1] = ntohl(head[1]);
+             head[2] = ntohl(head[2]);
+             if ((head[0] == EET_MAGIC_SIGN) && (head[1] > 0) && (head[2] > 0))
+               {
+                  /* there appears to be an actual valid identity at the end
+                   * so now actually check it */
+                  ef->x509_der = eet_identity_check(ef->data,
+                                                    signature_base_offset,
+                                                    &ef->sha1,
+                                                    &ef->sha1_length,
+                                                    buffer,
+                                                    sig_size,
+                                                    &ef->signature,
+                                                    &ef->signature_length,
+                                                    &ef->x509_length);
+
+                  if (eet_test_close(!ef->x509_der, ef)) return NULL;
+               }
+          }
 
 #else /* ifdef HAVE_SIGNATURE */
         ERR(