| Message ID | 20200318174408.77473-4-sjg@chromium.org |
|---|---|
| State | Accepted |
| Commit | 472f9113dbbbed88345f3d38de3ff37ca163508e |
| Headers | show |
| Series | vboot: Fix forged-configuration vulnerability | expand |
diff --git a/common/image-sig.c b/common/image-sig.c index 639a112450..13ccd50bc5 100644 --- a/common/image-sig.c +++ b/common/image-sig.c @@ -499,13 +499,14 @@ static int fit_config_verify_sig(const void *fit, int conf_noffset, goto error; } - return verified ? 0 : -EPERM; + if (verified) + return 0; error: printf(" error!\n%s for '%s' hash node in '%s' config node\n", err_msg, fit_get_name(fit, noffset, NULL), fit_get_name(fit, conf_noffset, NULL)); - return -1; + return -EPERM; } int fit_config_verify_required_sigs(const void *fit, int conf_noffset,
This function only returns an error message sometimes. Update it to always return an error message if one is available. This makes it easier to see what went wrong. Signed-off-by: Simon Glass <sjg at chromium.org> --- Changes in v2: None common/image-sig.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-)