mirror of
https://github.com/google/go-attestation.git
synced 2025-01-18 18:36:24 +00:00
attest: ensure parsing event can't allocated unbounded memory
Add a sanity check to ensure the measurement log actually contains as much data as the event size reports.
This commit is contained in:
parent
74a97ba02f
commit
f365b3275e
@ -480,11 +480,23 @@ type rawEventHeader struct {
|
||||
EventSize uint32
|
||||
}
|
||||
|
||||
func parseRawEvent(r io.Reader) (event rawEvent, err error) {
|
||||
type eventSizeErr struct {
|
||||
eventSize uint32
|
||||
logSize int
|
||||
}
|
||||
|
||||
func (e *eventSizeErr) Error() string {
|
||||
return fmt.Sprintf("event data size (%d bytes) is greater than remaining measurement log (%d bytes)", e.eventSize, e.logSize)
|
||||
}
|
||||
|
||||
func parseRawEvent(r *bytes.Buffer) (event rawEvent, err error) {
|
||||
var h rawEventHeader
|
||||
if err = binary.Read(r, binary.LittleEndian, &h); err != nil {
|
||||
return event, err
|
||||
}
|
||||
if h.EventSize > uint32(r.Len()) {
|
||||
return event, &eventSizeErr{h.EventSize, r.Len()}
|
||||
}
|
||||
data := make([]byte, int(h.EventSize))
|
||||
if _, err := io.ReadFull(r, data); err != nil {
|
||||
return event, err
|
||||
@ -504,7 +516,7 @@ type rawEvent2Header struct {
|
||||
Type uint32
|
||||
}
|
||||
|
||||
func parseRawEvent2(r io.Reader) (event rawEvent, err error) {
|
||||
func parseRawEvent2(r *bytes.Buffer) (event rawEvent, err error) {
|
||||
var h rawEvent2Header
|
||||
if err = binary.Read(r, binary.LittleEndian, &h); err != nil {
|
||||
return event, err
|
||||
@ -543,6 +555,9 @@ func parseRawEvent2(r io.Reader) (event rawEvent, err error) {
|
||||
if err = binary.Read(r, binary.LittleEndian, &eventSize); err != nil {
|
||||
return event, err
|
||||
}
|
||||
if eventSize > uint32(r.Len()) {
|
||||
return event, &eventSizeErr{eventSize, r.Len()}
|
||||
}
|
||||
event.data = make([]byte, int(eventSize))
|
||||
if _, err := io.ReadFull(r, event.data); err != nil {
|
||||
return event, err
|
||||
|
@ -122,3 +122,29 @@ func testEventLog(t *testing.T, testdata string) {
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
func TestParseEventLogEventSizeTooLarge(t *testing.T) {
|
||||
data := []byte{
|
||||
// PCR index
|
||||
0x30, 0x34, 0x39, 0x33,
|
||||
// type
|
||||
0x36, 0x30, 0x30, 0x32,
|
||||
|
||||
// Digest
|
||||
0x31, 0x39, 0x36, 0x33, 0x39, 0x34, 0x34, 0x37, 0x39, 0x32,
|
||||
0x31, 0x32, 0x32, 0x37, 0x39, 0x30, 0x34, 0x30, 0x31, 0x6d,
|
||||
|
||||
// Even size (3.183 GB)
|
||||
0xbd, 0xbf, 0xef, 0x47,
|
||||
|
||||
// "event data"
|
||||
0x00, 0x00, 0x00, 0x00,
|
||||
}
|
||||
|
||||
// If this doesn't panic, the test passed
|
||||
// TODO(ericchiang): use errors.As once go-attestation switches to Go 1.13.
|
||||
_, err := ParseEventLog(data)
|
||||
if err == nil {
|
||||
t.Fatalf("expected parsing invalid event log to fail")
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user