Add a check for buffer over-read in SC_Chunks_VerifyMsgSignature

Description

In the SC_Chunks_VerifyMsgSignature function, a buffer over-read may occur when an unexpected message is received (only message and security header, then empty).

Code version and environment identification

master : 4f4eafce

Steps to reproduce

Encrypted connection with an MSG whose encrypted part has a size of zero. Identified but not tested.

Relevant logs and/or screenshots

Traceback:

vxTaskEntry  +0x1c : pthread_create ()
pthread_create+0x70 : 0xffffffff810bbcbc ()
SOPC_Looper_Create+0xf4 : 0xffffffff810f82c8 ()
SOPC_ChunksMgr_OnSocketEvent+0x20c: SC_Chunks_TreatTcpPayload ()
SC_Chunks_TreatTcpPayload+0xc54: SOPC_CryptoProvider_SymmetricVerify ()
SOPC_CryptoProvider_SymmetricVerify+0xec : CryptoProvider_SymmVerify_HMAC_SHA256 ()
CryptoProvider_SymmVerify_HMAC_SHA256+0xb4 : mbedtls_md_hmac ()
mbedtls_md_hmac+0xc4 : mbedtls_md_update ()
mbedtls_sha256_update+0xa4 : mbedtls_internal_sha256_process ()
mbedtls_internal_sha256_process+0x68 : memcpy ()
memcpy       +0x1c : armMonitorRebootEntry ()

Analysis

In the SC_Chunks_VerifyMsgSignature function, when the buffer length is less than signatureSize, signaturePosition takes an incorrect value, which causes a buffer over-read.

Security impact

Buffer over-read without security consequence, as the signature verification will fail.

Possible fixes

Add a check: buffer->length >= signatureSize
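
The proposed check, as an added example that is not the project's own code: it shows the offset that results when the length is smaller than the signature size, next to a checked version that rejects the message first. The struct demo_buffer_t, the constant DEMO_SIG_SIZE, both function names and the 32-bit unsigned field types are assumptions made for illustration; the sample buffers are constructed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the chunk buffer; field types are assumed. */
typedef struct {
    uint32_t length;      /* number of valid bytes in data */
    const uint8_t *data;
} demo_buffer_t;

#define DEMO_SIG_SIZE 32u /* HMAC-SHA256 output size in bytes */

/* Constructed samples: a 16-byte message with nothing after the headers,
 * and a 64-byte message that does carry a trailing signature. */
static const uint8_t demo_bytes[64] = {0};
static const demo_buffer_t DEMO_SHORT = {16u, demo_bytes};
static const demo_buffer_t DEMO_OK = {64u, demo_bytes};

/* Offset as computed without a check: unsigned subtraction wraps when
 * length < signatureSize. Only the offset is computed, nothing is read. */
static uint32_t signature_position_unchecked(const demo_buffer_t *buffer, uint32_t signatureSize)
{
    return buffer->length - signatureSize;
}

/* Checked form: refuse the message before deriving any offset. */
static bool signature_position_checked(const demo_buffer_t *buffer, uint32_t signatureSize,
                                       uint32_t *signaturePosition)
{
    if (buffer == NULL || signaturePosition == NULL || buffer->length < signatureSize) {
        return false;
    }
    *signaturePosition = buffer->length - signatureSize;
    return true;
}

int main(void)
{
    uint32_t pos = 0;
    printf("unchecked offset, short message: %u\n",
           (unsigned) signature_position_unchecked(&DEMO_SHORT, DEMO_SIG_SIZE));
    printf("checked, short message accepted: %d\n",
           signature_position_checked(&DEMO_SHORT, DEMO_SIG_SIZE, &pos));
    bool ok = signature_position_checked(&DEMO_OK, DEMO_SIG_SIZE, &pos);
    printf("checked, full message accepted: %d (offset %u)\n", ok, (unsigned) pos);
    return 0;
}
```

With the check in place, the short message is rejected before any data reaches the HMAC routine, instead of failing verification after the read.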

Edited by Sebastien Tajan