X-Git-Url: https://git.saurik.com/apple/security.git/blobdiff_plain/d8f41ccd20de16f8ebe2ccc84d47bf1cb2b26bbb..60c433a9f80a92b51b33f65f1f58883e8fe843be:/Security/libsecurity_codesigning/lib/codedirectory.cpp

diff --git a/Security/libsecurity_codesigning/lib/codedirectory.cpp b/Security/libsecurity_codesigning/lib/codedirectory.cpp
index d48d7dea..28a91f07 100644
--- a/Security/libsecurity_codesigning/lib/codedirectory.cpp
+++ b/Security/libsecurity_codesigning/lib/codedirectory.cpp
@@ -160,6 +160,18 @@ void CodeDirectory::checkIntegrity() const
 		if (!contains((*this)[pagesConsumed-1], hashSize))	// referenced too many main hash slots
 			MacOSError::throwMe(errSecCSSignatureFailed);
 	}
+	
+	// check consistency between the page-coverage fields
+	if (pageSize) {
+		if (codeLimit == 0)									// can't have paged signatures with no covered data
+			MacOSError::throwMe(errSecCSSignatureFailed);
+		size_t coveredPages = ((codeLimit-1) >> pageSize) + 1; // page slots required to cover codeLimit
+		if (coveredPages != nCodeSlots)
+			MacOSError::throwMe(errSecCSSignatureFailed);
+	} else {
+		if ((codeLimit > 0) != nCodeSlots)	// must have one code slot, or none if no code
+			MacOSError::throwMe(errSecCSSignatureFailed);
+	}
 }