diff --git a/src/object/content.rs b/src/object/content.rs index d7a0065..aa25c9c 100644 --- a/src/object/content.rs +++ b/src/object/content.rs @@ -44,6 +44,11 @@ impl KernelObjectContent { return false; } + // Need at least the e_ident fields read below (EI_CLASS, EI_DATA, EI_VERSION). + if self.bytes.len() < 7 { + return false; + } + // Byte 5: EI_CLASS, 0x1 = 32-bit, 0x2 = 64-bit module if self.bytes[4] != 1 && self.bytes[4] != 2 { return false; diff --git a/src/signature/raw.rs b/src/signature/raw.rs index d852095..65963b5 100644 --- a/src/signature/raw.rs +++ b/src/signature/raw.rs @@ -67,8 +67,10 @@ impl RawKernelObjectSignature { let header = bytemuck::try_pod_read_unaligned::(header) .map_err(Error::DataDecodeError)?; let signature_length = header.signature_length() as usize; - let total_length = - signature_length + header.signer_length as usize + header.key_id_length as usize; + let total_length = signature_length + + header.signer_length as usize + + header.key_id_length as usize + + size_of::(); if signature_length == 0 || (total_length > before_magic.len()) { return Ok(Some(RawKernelObjectSignature { header,