Invalid Memory Access in SignatureValidator (#453)
* Invalid Memory Access in SignatureValidator Problem: * SignatureValidator::IsStoreOrigin() tries to read X.509 extensions to determine if the origin of the signature matches the Windows Store OID. * Extension data is converted from a raw buffer to an std::string for comparision. * The raw buffer is not null-terminated, and therefore, running std::strlen() on it causes invalid memory access. * This invalid access is caught by ASAN on macOS. Solution: * Null-terminate the raw buffer before trying to build an std::string from it. Tests: * Ran app test suite that uses libmsix.dylib with ASAN on. No crashes were reported. * Invalid Memory Access in SignatureValidator Problem: * As @JohnMcPMS pointed out, writing "" with 1 byte size is null termination. * A better solution would be to use bptr->length and avoid writing the null byte altogether. Tests: * Ran app test suite that uses libmsix.dylib with ASAN on. No crashes were reported. Co-authored-by: Sayan Chaliha <sachalih@microsoft.com>
This commit is contained in:
Родитель
5883559c90
Коммит
0c8a78f9b1
|
@ -130,13 +130,12 @@ namespace MSIX
|
||||||
{
|
{
|
||||||
M_ASN1_OCTET_STRING_print(extbio.get(), ext->value);
|
M_ASN1_OCTET_STRING_print(extbio.get(), ext->value);
|
||||||
}
|
}
|
||||||
// null terminate the string.
|
|
||||||
BIO_write(extbio.get(), "", 1);
|
|
||||||
BUF_MEM *bptr = nullptr;
|
BUF_MEM *bptr = nullptr;
|
||||||
BIO_get_mem_ptr(extbio.get(), &bptr);
|
BIO_get_mem_ptr(extbio.get(), &bptr);
|
||||||
|
|
||||||
if (bptr && bptr->data &&
|
if (bptr && bptr->data &&
|
||||||
std::string((char*)bptr->data).find(OID::WindowsStore()) != std::string::npos)
|
std::string((char*)bptr->data, bptr->length).find(OID::WindowsStore()) != std::string::npos)
|
||||||
{
|
{
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
Загрузка…
Ссылка в новой задаче