ExternalVendorCode/go-attestation
1
0
Fork 0
mirror of https://github.com/google/go-attestation.git synced 2024-12-20 05:28:22 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #127 from ericchiang/fix-dos

Browse Source 
attest: ensure parsing event can't allocated unbounded memory
This commit is contained in:
Eric Chiang 2019-10-08 13:18:10 -07:00 committed by GitHub
commit a0b6fcfd38
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 43 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
attest/eventlog.go
View File

@ -480,11 +480,23 @@ type rawEventHeader struct {
EventSize uint32 EventSize uint32
} }
func parseRawEvent(r io.Reader) (event rawEvent, err error) { type eventSizeErr struct {
eventSize uint32
logSize int
}
func (e *eventSizeErr) Error() string {
return fmt.Sprintf("event data size (%d bytes) is greater than remaining measurement log (%d bytes)", e.eventSize, e.logSize)
}
func parseRawEvent(r *bytes.Buffer) (event rawEvent, err error) {
var h rawEventHeader var h rawEventHeader
if err = binary.Read(r, binary.LittleEndian, &h); err != nil { if err = binary.Read(r, binary.LittleEndian, &h); err != nil {
return event, err return event, err
} }
if h.EventSize > uint32(r.Len()) {
return event, &eventSizeErr{h.EventSize, r.Len()}
}
data := make([]byte, int(h.EventSize)) data := make([]byte, int(h.EventSize))
if _, err := io.ReadFull(r, data); err != nil { if _, err := io.ReadFull(r, data); err != nil {
return event, err return event, err
@ -504,7 +516,7 @@ type rawEvent2Header struct {
Type uint32 Type uint32
} }
func parseRawEvent2(r io.Reader) (event rawEvent, err error) { func parseRawEvent2(r *bytes.Buffer) (event rawEvent, err error) {
var h rawEvent2Header var h rawEvent2Header
if err = binary.Read(r, binary.LittleEndian, &h); err != nil { if err = binary.Read(r, binary.LittleEndian, &h); err != nil {
return event, err return event, err
@ -543,6 +555,9 @@ func parseRawEvent2(r io.Reader) (event rawEvent, err error) {
if err = binary.Read(r, binary.LittleEndian, &eventSize); err != nil { if err = binary.Read(r, binary.LittleEndian, &eventSize); err != nil {
return event, err return event, err
} }
if eventSize > uint32(r.Len()) {
return event, &eventSizeErr{eventSize, r.Len()}
}
event.data = make([]byte, int(eventSize)) event.data = make([]byte, int(eventSize))
if _, err := io.ReadFull(r, event.data); err != nil { if _, err := io.ReadFull(r, event.data); err != nil {
return event, err return event, err

26
attest/eventlog_test.go
View File

@ -122,3 +122,29 @@ func testEventLog(t *testing.T, testdata string) {
} }
} }
} }
func TestParseEventLogEventSizeTooLarge(t *testing.T) {
data := []byte{
// PCR index
0x30, 0x34, 0x39, 0x33,
// type
0x36, 0x30, 0x30, 0x32,
// Digest
0x31, 0x39, 0x36, 0x33, 0x39, 0x34, 0x34, 0x37, 0x39, 0x32,
0x31, 0x32, 0x32, 0x37, 0x39, 0x30, 0x34, 0x30, 0x31, 0x6d,
// Even size (3.183 GB)
0xbd, 0xbf, 0xef, 0x47,
// "event data"
0x00, 0x00, 0x00, 0x00,
}
// If this doesn't panic, the test passed
// TODO(ericchiang): use errors.As once go-attestation switches to Go 1.13.
_, err := ParseEventLog(data)
if err == nil {
t.Fatalf("expected parsing invalid event log to fail")
}
}