From 6f8a2565593f602bfe9f6069f086960f8cc745cd Mon Sep 17 00:00:00 2001
From: Sandrine Bailleux
Date: Wed, 25 Mar 2020 11:22:34 +0100
Subject: [PATCH] Check for out-of-bound accesses in the CoT description

The chain of trust array is now always accessed through a fconf getter. This gives us an ideal spot to check for out-of-bound accesses.

Change-Id: Ic5ea20e43cf8ca959bb7f9b60de7c0839b390add
Signed-off-by: Sandrine Bailleux
---
 include/drivers/auth/auth_mod.h | 6 +++++-
 include/lib/fconf/fconf_tbbr_getter.h | 7 ++++++-
 2 files changed, 11 insertions(+), 2 deletions(-)
diff --git a/include/drivers/auth/auth_mod.h b/include/drivers/auth/auth_mod.h
index 6c48124b5..1dc9ff441 100644
--- a/include/drivers/auth/auth_mod.h
+++ b/include/drivers/auth/auth_mod.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2015-2019, ARM Limited and Contributors. All rights reserved.
+ * Copyright (c) 2015-2020, ARM Limited and Contributors. All rights reserved.
 *
 * SPDX-License-Identifier: BSD-3-Clause
 */
@@ -14,6 +14,8 @@
 #include
 #include
+#include
+
 /*
 * Image flags
 */
@@ -41,9 +43,11 @@ int auth_mod_verify_img(unsigned int img_id,
 /* Macro to register a CoT defined as an array of auth_img_desc_t pointers */
 #define REGISTER_COT(_cot) \
 const auth_img_desc_t *const *const cot_desc_ptr = (_cot); \
+ const size_t cot_desc_size = ARRAY_SIZE(_cot); \
 unsigned int auth_img_flags[MAX_NUMBER_IDS]
 extern const auth_img_desc_t *const *const cot_desc_ptr;
+extern const size_t cot_desc_size;
 extern unsigned int auth_img_flags[MAX_NUMBER_IDS];
 #endif /* TRUSTED_BOARD_BOOT */
diff --git a/include/lib/fconf/fconf_tbbr_getter.h b/include/lib/fconf/fconf_tbbr_getter.h
index eddc0c4b5..db98b68b0 100644
--- a/include/lib/fconf/fconf_tbbr_getter.h
+++ b/include/lib/fconf/fconf_tbbr_getter.h
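Review bot: In the `REGISTER_COT` hunk of include/drivers/auth/auth_mod.h, `cot_desc_size = ARRAY_SIZE(_cot)` yields the real element count only when `_cot` names the array object itself. If a platform ever passes a pointer to its CoT table, a plain sizeof-based ARRAY_SIZE (its definition is not visible here) would silently produce a wrong bound, and the check added in the CoT getter would then be made against that wrong value. I would state the requirement on the macro, e.g. `/* _cot must be the array itself, not a pointer: its element count becomes the bound the CoT getter checks. */`.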
@@ -7,10 +7,15 @@
 #ifndef FCONF_TBBR_GETTER_H
 #define FCONF_TBBR_GETTER_H
+#include
+
 #include
 /* TBBR related getter */
-#define tbbr__cot_getter(id) cot_desc_ptr[id]
+#define tbbr__cot_getter(id) __extension__ ({ \
+ assert((id) < cot_desc_size); \
+ cot_desc_ptr[id]; \
+})
 #define tbbr__dyn_config_getter(id) tbbr_dyn_config.id
-- 
GitLab
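Review bot: The bound on `id` in `tbbr__cot_getter` is enforced only by `assert()`, so any build that compiles assertions out (whether release builds do is not visible here) still indexes `cot_desc_ptr` unchecked. This table drives image authentication, so if `id` can ever be anything other than a build-time constant the check should hold in every build, for example `((id) < cot_desc_size) ? cot_desc_ptr[id] : NULL`, with the caller treating NULL as an authentication failure; the callers are outside this hunk, so confirm they can handle that. The macro also expands `id` twice with assertions on and once with them off, so an argument with side effects would behave differently between builds; binding it once inside the statement expression, `const unsigned int _id = (id);`, avoids that.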