Validate signature scheme is present when decoding TPMT_PUBLIC blobs (#140)

2025-06-23 16:58:04 +00:00 · 2019-12-04 14:35:21 -08:00
parent fb4487ace5
commit 814084b657
2 changed files with 21 additions and 0 deletions
--- a/attest/attest_test.go
+++ b/attest/attest_test.go
@ -152,3 +152,14 @@ func TestPCRs(t *testing.T) {
 		}
 	}
 }
+
+func TestBug139(t *testing.T) {
+	// Tests ParseAKPublic() with known parseable but non-spec-compliant blobs, and ensure
+	// an error is returned rather than a segfault.
+	// https://github.com/google/go-attestation/issues/139
+	badBlob := []byte{0, 1, 0, 4, 0, 1, 0, 0, 0, 0, 0, 6, 0, 128, 0, 67, 0, 16, 8, 0, 0, 1, 0, 1, 0, 0}
+	msg := "parsing public key: missing rsa signature scheme"
+	if _, err := ParseAKPublic(TPMVersion20, badBlob); err == nil || err.Error() != msg {
+		t.Errorf("ParseAKPublic() err = %v, want %v", err, msg)
+	}
+}