On 5/5/26 16:18, Zhuoying Cai wrote:
> Define MAX_ENTRY_SIZE (8KB) and CERT_BUF_MAX_LEN to establish a finite
> size for a single entry VCEntry. Add validation in update_cert_store() to
> ensure certificate data does not exceed this limit.
>
> This finite size definition is needed for proper memory allocation and
> will be used in a later commit to handle VCEntry structures with known
> size constraints.
>
> Signed-off-by: Zhuoying Cai <[email protected]>
> ---
> hw/s390x/cert-store.c | 15 +++++++++++++--
> include/hw/s390x/ipl/diag320.h | 3 +++
> 2 files changed, 16 insertions(+), 2 deletions(-)
>
> diff --git a/hw/s390x/cert-store.c b/hw/s390x/cert-store.c
> index a4f15627e9..221267781b 100644
> --- a/hw/s390x/cert-store.c
> +++ b/hw/s390x/cert-store.c
> @@ -73,7 +73,7 @@ static S390IPLCertificate *init_cert(char *path, Error
> **errp)
> return cert;
> }
>
> -static void update_cert_store(S390IPLCertificateStore *cert_store,
> +static int update_cert_store(S390IPLCertificateStore *cert_store,
> S390IPLCertificate *cert)
In patch 4, you can define this function as an int type in anticipation
of these changes, and where you call the g_assert() for cert count,
change that to an if (check) return -1.
The if (update_cert_store(...) { ... } code should also go in patch 4.
This will make this patch much more streamlined, where only the #defines
and the new check in update_cert_store is introduced.
> {
> size_t data_buf_size;
> @@ -87,6 +87,12 @@ static void update_cert_store(S390IPLCertificateStore
> *cert_store,
> cert_buf_size = ROUND_UP(cert->der_size, 4);
> data_buf_size = keyid_buf_size + hash_buf_size + cert_buf_size;
>
> + if (data_buf_size > CERT_BUF_MAX_LEN) {
> + error_report("Certificate data size %zu exceeds maximum buffer size
> %ld",
> + data_buf_size, CERT_BUF_MAX_LEN);
> + return -1;
> + }
> +
> if (cert_store->largest_cert_size < data_buf_size) {
> cert_store->largest_cert_size = data_buf_size;
> }
> @@ -96,6 +102,8 @@ static void update_cert_store(S390IPLCertificateStore
> *cert_store,
> cert_store->certs[cert_store->count] = *cert;
> cert_store->total_bytes += data_buf_size;
> cert_store->count++;
> +
> + return 0;
> }
>
> static GPtrArray *get_cert_paths(Error **errp)
> @@ -214,7 +222,10 @@ void s390_ipl_create_cert_store(S390IPLCertificateStore
> *cert_store)
> exit(1);
> }
>
> - update_cert_store(cert_store, cert);
> + if (update_cert_store(cert_store, cert)) {
> + g_ptr_array_free(cert_path_builder, TRUE);
> + exit(1);
> + }
> }
>
> g_ptr_array_free(cert_path_builder, TRUE);
> diff --git a/include/hw/s390x/ipl/diag320.h b/include/hw/s390x/ipl/diag320.h
> index 35c652ff56..75065d2fe4 100644
> --- a/include/hw/s390x/ipl/diag320.h
> +++ b/include/hw/s390x/ipl/diag320.h
> @@ -83,6 +83,9 @@ struct VCEntry {
> };
> typedef struct VCEntry VCEntry;
>
> +#define MAX_ENTRY_SIZE (8 * 1024)
s/MAX_ENTRY_SIZE/MAX_VCENTRY_SIZE ?
> +#define CERT_BUF_MAX_LEN (MAX_ENTRY_SIZE - sizeof(VCEntryHeader))
> +
> struct VCBlockHeader {
> uint32_t in_len;
> uint32_t reserved0;
--
Regards,
Collin
