Skip to content

Commit

Permalink
ssf: Sanitize returned digest pointer
Browse files Browse the repository at this point in the history 
Handle cases, in which SDFW responds with NULL as manifest digest value.

Ref: NCSDK-NONE

Signed-off-by: Tomasz Chyrowicz <tomasz.chyrowicz@nordicsemi.no>
  • Loading branch information
@tomchy
tomchy committed Nov 25, 2024
1 parent a611591 commit 426a545
Showing 1 changed file with 10 additions and 4 deletions.
14 changes: 10 additions & 4 deletions subsys/sdfw_services/services/suit_service/suit_update.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -185,16 +185,22 @@ suit_ssf_err_t suit_get_installed_manifest_info(suit_manifest_class_id_t *manife
if ((alg_id != NULL) && (digest != NULL)) {
const size_t manifest_digest_len =
rsp_data->SSF_SUIT_RSP_ARG(get_installed_manifest_info, digest).len;
const uint8_t *manifest_digest =
rsp_data->SSF_SUIT_RSP_ARG(get_installed_manifest_info, digest).value;

if (manifest_digest_len > digest->size) {
ssf_client_decode_done(rsp_pkt);
return SUIT_PLAT_ERR_NOMEM;
}

*alg_id = rsp_data->SSF_SUIT_RSP_ARG(get_installed_manifest_info, alg_id);
memcpy((uint8_t *)digest->mem,
rsp_data->SSF_SUIT_RSP_ARG(get_installed_manifest_info, digest).value,
manifest_digest_len);
digest->size = manifest_digest_len;
if (manifest_digest != NULL) {
memcpy((uint8_t *)digest->mem, manifest_digest, manifest_digest_len);
digest->size = manifest_digest_len;
} else {
digest->mem = NULL;
digest->size = 0;
}
}

ssf_client_decode_done(rsp_pkt);
Expand Down

0 comments on commit 426a545

Please sign in to comment.