espressif/esp-matter
1
0
Fork 0
mirror of https://github.com/espressif/esp-matter.git synced 2026-04-27 19:13:13 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'fix_dac_provider' into 'main'

Browse Source 
dac_provider: Fix buffer overflow and added length validations

See merge request app-frameworks/esp-matter!263
This commit is contained in:
Hrishikesh Dhayagude
2023-01-11 16:07:30 +08:00
parent 82006dba91 958605104c
commit 308e92babc
1 changed files with 9 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files
components/esp_matter/esp_matter_dac_provider.cpp
+9 -12
View File
@@ -13,6 +13,7 @@
// limitations under the License.
#include <credentials/examples/DeviceAttestationCredsExample.h>
#include <credentials/CHIPCert.h>
#include <crypto/CHIPCryptoPAL.h>
#include <platform/ESP32/ESP32Config.h>
#include <platform/ESP32/ESP32FactoryDataProvider.h>
@@ -76,7 +77,9 @@ public:
if (err == ESP_OK && dac_cert != NULL && dac_len != 0)
{
ESP_FAULT_ASSERT(err == ESP_OK && dac_cert != NULL && dac_len != 0);
memcpy(outBuffer.data(), dac_cert, dac_len);
VerifyOrReturnError(dac_len <= kMaxDERCertLength, CHIP_ERROR_UNSUPPORTED_CERT_FORMAT, esp_secure_cert_free_ca_cert(dac_cert));
VerifyOrReturnError(dac_len <= outBuffer.size(), CHIP_ERROR_BUFFER_TOO_SMALL, esp_secure_cert_free_ca_cert(dac_cert));
memcpy(outBuffer.data(), dac_cert, outBuffer.size());
outBuffer.reduce_size(dac_len);
esp_secure_cert_free_device_cert(dac_cert);
return CHIP_NO_ERROR;
@@ -95,7 +98,9 @@ public:
if (err == ESP_OK && pai_cert != NULL && pai_len != 0)
{
ESP_FAULT_ASSERT(err == ESP_OK && pai_cert != NULL && pai_len != 0);
memcpy(outBuffer.data(), pai_cert, pai_len);
VerifyOrReturnError(pai_len <= kMaxDERCertLength, CHIP_ERROR_UNSUPPORTED_CERT_FORMAT, esp_secure_cert_free_ca_cert(pai_cert));
VerifyOrReturnError(pai_len <= outBuffer.size(), CHIP_ERROR_BUFFER_TOO_SMALL, esp_secure_cert_free_ca_cert(pai_cert));
memcpy(outBuffer.data(), pai_cert, outBuffer.size());
outBuffer.reduce_size(pai_len);
esp_secure_cert_free_ca_cert(pai_cert);
return CHIP_NO_ERROR;
@@ -123,18 +128,10 @@ public:
CHIP_ERROR chipError = LoadKeypairFromRaw(ByteSpan(reinterpret_cast<const uint8_t *>(sc_keypair + kPrivKeyOffset), kDACPrivateKeySize),
ByteSpan(reinterpret_cast<const uint8_t *>(sc_keypair + kPubKeyOffset), kDACPublicKeySize), keypair);
if (chipError != CHIP_NO_ERROR)
{
esp_secure_cert_free_priv_key(sc_keypair);
return chipError;
}
VerifyOrReturnError(chipError == CHIP_NO_ERROR, chipError, esp_secure_cert_free_priv_key(sc_keypair));
chipError = keypair.ECDSA_sign_msg(messageToSign.data(), messageToSign.size(), signature);
if (chipError != CHIP_NO_ERROR)
{
esp_secure_cert_free_priv_key(sc_keypair);
return chipError;
}
VerifyOrReturnError(chipError == CHIP_NO_ERROR, chipError, esp_secure_cert_free_priv_key(sc_keypair));
esp_secure_cert_free_priv_key(sc_keypair);
chipError = CopySpanToMutableSpan(ByteSpan{ signature.ConstBytes(), signature.Length() }, outSignBuffer);