libsecurity_codesigning-55037.15.tar.gz

[apple/libsecurity_codesigning.git] / lib / codedirectory.cpp

diff --git a/lib/codedirectory.cpp b/lib/codedirectory.cpp
index 3eedb3c784ddc82b91fef39656844161f0fac4a6..0bcb980192b6cc4a746533cdddd8c8094a1b220a 100644 (file)
--- a/lib/codedirectory.cpp
+++ b/lib/codedirectory.cpp
@@ -35,6 +35,18 @@ namespace Security {
 namespace CodeSigning {
 
 
+//
+// Highest understood special slot in this CodeDirectory.
+//
+CodeDirectory::SpecialSlot CodeDirectory::maxSpecialSlot() const
+{
+       SpecialSlot slot = this->nSpecialSlots;
+       if (slot > cdSlotMax)
+               slot = cdSlotMax;
+       return slot;
+}
+
+
 //
 // Canonical filesystem names for select slot numbers.
 // These are variously used for filenames, extended attribute names, etc.
@@ -131,7 +143,7 @@ void CodeDirectory::checkIntegrity() const
        // now check interior offsets for validity
        if (!stringAt(identOffset))
                MacOSError::throwMe(errSecCSSignatureFailed); // identifier out of blob range
-       if (!contains(hashOffset - hashSize * nSpecialSlots, hashSize * (nSpecialSlots + nCodeSlots)))
+       if (!contains(hashOffset - uint64_t(hashSize) * nSpecialSlots, hashSize * (uint64_t(nSpecialSlots) + nCodeSlots)))
                MacOSError::throwMe(errSecCSSignatureFailed); // hash array out of blob range
        if (const Scatter *scatter = this->scatterVector()) {
                // the optional scatter vector is terminated with an element having (count == 0)