Skip to content

Commit 2f1da09

Browse files
catalinv-nccxiaoxiang781216
authored andcommitted
nuttx/drivers/crypto/pnt/pnt_se05x_api: Minor Overflow in Secure Element Driver May Cause a DoS
Invalid data is passed to the NXP Plug & Trust Nano Package used by the NuttX secure element driver. If the NXP code is not handling the malformed data, a corruption can occur. Alternatively, if the attacker is able to point create_signature_args->algorithm in memory at an address that is not accessible, a crash can occur. Applicable to: * `signature_algorithm_mapping[create_signature_args->algorithm]` * `signature_algorithm_mapping[verify_signature_args->algorithm]` Signed-off-by: Catalin Visinescu <catalin_visinescu@yahoo.com>
1 parent 1fd2fc2 commit 2f1da09

1 file changed

Lines changed: 12 additions & 0 deletions

File tree

drivers/crypto/pnt/pnt_se05x_api.c

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -308,6 +308,12 @@ int pnt_se05x_create_signature(
308308
{
309309
create_signature_args->signature.buffer_content_size =
310310
create_signature_args->signature.buffer_size;
311+
312+
if (create_signature_args->algorithm >= SE05X_ALGORITHM_SIZE)
313+
{
314+
return -EINVAL;
315+
}
316+
311317
int result =
312318
Se05x_API_ECDSASign(
313319
&(se05x->pnt->session), create_signature_args->key_id,
@@ -327,6 +333,12 @@ int pnt_se05x_verify_signature(
327333
FAR struct se05x_signature_s *verify_signature_args)
328334
{
329335
SE05x_Result_t se05x_result;
336+
337+
if (verify_signature_args->algorithm >= SE05X_ALGORITHM_SIZE)
338+
{
339+
return -EINVAL;
340+
}
341+
330342
int result =
331343
Se05x_API_ECDSAVerify(
332344
&(se05x->pnt->session), verify_signature_args->key_id,

0 commit comments

Comments
 (0)