additional bounds-checking on section sizes

This adds additional bounds-checking on the section sizes. Also adds -Wsign-compare to the Makefile and replaces some signed variables with unsigned counteparts for robustness. Signed-off-by: Kees Cook <kees@ubuntu.com>
author: Kees Cook <kees@outflux.net> 2012-12-03 15:52:48 -0800
committer: Peter Jones <pjones@redhat.com> 2013-10-22 11:23:51 -0400
commit: 21e40f0174814b3d91836e38c7cf95c8f2f1f3a4 (patch)
tree: 97744865a450c24431d7594eeb0e5c6a98d7f419 /PasswordCrypt.c
parent: baebb090ea1f65c205ac1fe2b83b42bb979a4907 (diff)
download: efi-boot-shim-21e40f0174814b3d91836e38c7cf95c8f2f1f3a4.tar.gz
efi-boot-shim-21e40f0174814b3d91836e38c7cf95c8f2f1f3a4.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/PasswordCrypt.c b/PasswordCrypt.c
index 8d72a821..e0a82cfd 100644
--- a/PasswordCrypt.c
+++ b/PasswordCrypt.c
@@ -154,7 +154,7 @@ static EFI_STATUS sha256_crypt (const char *key,  UINT32 key_len,
 	CopyMem(cp, tmp_result, cnt);
 
 	SHA256_Init(&alt_ctx);
-	for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt)
+	for (cnt = 0; cnt < 16ul + alt_result[0]; ++cnt)
 		SHA256_Update(&alt_ctx, salt, salt_size);
 	SHA256_Final(tmp_result, &alt_ctx);
 
@@ -242,7 +242,7 @@ static EFI_STATUS sha512_crypt (const char *key,  UINT32 key_len,
 	CopyMem(cp, tmp_result, cnt);
 
 	SHA512_Init(&alt_ctx);
-	for (cnt = 0; cnt < 16 + alt_result[0]; ++cnt)
+	for (cnt = 0; cnt < 16ul + alt_result[0]; ++cnt)
 		SHA512_Update(&alt_ctx, salt, salt_size);
 	SHA512_Final(tmp_result, &alt_ctx);
author	Kees Cook <kees@outflux.net>	2012-12-03 15:52:48 -0800
committer	Peter Jones <pjones@redhat.com>	2013-10-22 11:23:51 -0400
commit	21e40f0174814b3d91836e38c7cf95c8f2f1f3a4 (patch)
tree	97744865a450c24431d7594eeb0e5c6a98d7f419 /PasswordCrypt.c
parent	baebb090ea1f65c205ac1fe2b83b42bb979a4907 (diff)
download	efi-boot-shim-21e40f0174814b3d91836e38c7cf95c8f2f1f3a4.tar.gz efi-boot-shim-21e40f0174814b3d91836e38c7cf95c8f2f1f3a4.zip