From 9522956605205d23fe99142547ca3227574d418a Mon Sep 17 00:00:00 2001 From: Bob Wolff Date: Tue, 27 Feb 2024 15:57:03 -0800 Subject: [PATCH] Check curve_name for null to avoid crash If mixed rsa and ecdsa keys are specified in dtsi, an rsa key can be sent into the ecdsa verify. Without the ecdsa,curve property, this function will crash due to lack of checking the null pointer return. Signed-off-by: Bob Wolff --- lib/ecdsa/ecdsa-verify.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/lib/ecdsa/ecdsa-verify.c b/lib/ecdsa/ecdsa-verify.c index 0601700c4f..4d1835b598 100644 --- a/lib/ecdsa/ecdsa-verify.c +++ b/lib/ecdsa/ecdsa-verify.c @@ -31,6 +31,11 @@ static int fdt_get_key(struct ecdsa_public_key *key, const void *fdt, int node) int x_len, y_len; key->curve_name = fdt_getprop(fdt, node, "ecdsa,curve", NULL); + if (!key->curve_name) { + debug("Error: ecdsa cannot get 'ecdsa,curve' property from key. Likely not an ecdsa key.\n"); + return -ENOMSG; + } + key->size_bits = ecdsa_key_size(key->curve_name); if (key->size_bits == 0) { debug("Unknown ECDSA curve '%s'", key->curve_name); -- 2.39.5