From 36c5caacf4d38c60a6385960a5e7a6ab8607e117 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Lam?= <leo@innovatetechnologi.es>
Date: Sun, 11 Jun 2017 22:10:33 +0200
Subject: [PATCH] IOS/ES: Verify containers in ImportTmd

---
 Source/Core/Core/IOS/ES/TitleManagement.cpp | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/Source/Core/Core/IOS/ES/TitleManagement.cpp b/Source/Core/Core/IOS/ES/TitleManagement.cpp
index 053d65c8cc..37c5472b8f 100644
--- a/Source/Core/Core/IOS/ES/TitleManagement.cpp
+++ b/Source/Core/Core/IOS/ES/TitleManagement.cpp
@@ -100,10 +100,23 @@ ReturnCode ES::ImportTmd(Context& context, const std::vector<u8>& tmd_bytes)
   // Ioctlv 0x2b writes the TMD to /tmp/title.tmd (for imports) and doesn't seem to write it
   // to either /import or /title. So here we simply have to set the import TMD.
   context.title_import.tmd.SetBytes(tmd_bytes);
-  // TODO: validate TMDs and return the proper error code (-1027) if the signature type is invalid.
   if (!context.title_import.tmd.IsValid())
     return ES_EINVAL;
 
+  std::vector<u8> cert_store;
+  ReturnCode ret = ReadCertStore(&cert_store);
+  if (ret != IPC_SUCCESS)
+    return ret;
+
+  ret = VerifyContainer(VerifyContainerType::TMD, VerifyMode::UpdateCertStore,
+                        context.title_import.tmd, cert_store);
+  if (ret != IPC_SUCCESS)
+  {
+    // Reset the import context so that further calls consider the state as invalid.
+    context.title_import.tmd.SetBytes({});
+    return ret;
+  }
+
   if (!InitImport(context.title_import.tmd.GetTitleId()))
     return ES_EIO;