Boot: Eliminate possible infinite loop
This patch eliminates a possible infinite loop from the image validation
process. Validation could get stuck in a loop if it does not find a key to
validate the image and then hits the 'continue' statement, which skips the
address ('offset') incrementing step.
Change-Id: I1cbff35f9670a522e4a3d6005655dc364121be08
Signed-off-by: David Vincze <david.vincze@arm.com>
diff --git a/bl2/ext/mcuboot/bootutil/src/image_validate.c b/bl2/ext/mcuboot/bootutil/src/image_validate.c
index 036d242..b329ea8 100644
--- a/bl2/ext/mcuboot/bootutil/src/image_validate.c
+++ b/bl2/ext/mcuboot/bootutil/src/image_validate.c
@@ -406,21 +406,19 @@
*/
} else if (tlv.it_type == EXPECTED_SIG_TLV) {
/* Ignore this signature if it is out of bounds. */
- if (key_id < 0 || key_id >= bootutil_key_cnt) {
- key_id = -1;
- continue;
- }
- if (!EXPECTED_SIG_LEN(tlv.it_len) || tlv.it_len > sizeof(buf)) {
- return -1;
- }
- rc = flash_area_read(fap, off + sizeof(tlv), buf, tlv.it_len);
- if (rc) {
- return -1;
- }
- rc = bootutil_verify_sig(hash, sizeof(hash), buf, tlv.it_len,
- key_id);
- if (rc == 0) {
- valid_signature = 1;
+ if (key_id >= 0 && key_id < bootutil_key_cnt) {
+ if (!EXPECTED_SIG_LEN(tlv.it_len) || tlv.it_len > sizeof(buf)) {
+ return -1;
+ }
+ rc = flash_area_read(fap, off + sizeof(tlv), buf, tlv.it_len);
+ if (rc) {
+ return -1;
+ }
+ rc = bootutil_verify_sig(hash, sizeof(hash), buf, tlv.it_len,
+ key_id);
+ if (rc == 0) {
+ valid_signature = 1;
+ }
}
key_id = -1;
#endif
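Review bot: The retained comment `/* Ignore this signature if it is out of bounds. */` now sits above the positive test `if (key_id >= 0 && key_id < bootutil_key_cnt)`, so it reads as the inverse of the condition and still does not say that key_id is the value being range-checked. I would reword it to `/* Verify this signature only when key_id indexes a known key; otherwise skip the TLV. */`. A skipped TLV and a failed `bootutil_verify_sig()` both just leave `valid_signature` at its previous value, so rejecting an unsigned or wrongly signed image depends on a `valid_signature` check after the loop. That check is outside this hunk and should be confirmed; a short comment next to `valid_signature = 1;` naming that final check would make the fail-closed path explicit. The enclosing function and loop start and end outside the hunk.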