From c08806d1076a16598780920a8b773b991396a4f6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Lam?= <leo@innovatetechnologi.es>
Date: Sun, 11 Jun 2017 22:16:05 +0200
Subject: [PATCH] IOS/ES: Verify containers in GetTMDStoredContents

---
 Source/Core/Core/IOS/ES/TitleInformation.cpp | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/Source/Core/Core/IOS/ES/TitleInformation.cpp b/Source/Core/Core/IOS/ES/TitleInformation.cpp
index 4312c9d2c3..1517f367ec 100644
--- a/Source/Core/Core/IOS/ES/TitleInformation.cpp
+++ b/Source/Core/Core/IOS/ES/TitleInformation.cpp
@@ -97,7 +97,21 @@ IPCCommandResult ES::GetTMDStoredContents(const IOCtlVRequest& request)
 
   std::vector<u8> tmd_bytes(request.in_vectors[0].size);
   Memory::CopyFromEmu(tmd_bytes.data(), request.in_vectors[0].address, tmd_bytes.size());
-  return GetStoredContents(IOS::ES::TMDReader{std::move(tmd_bytes)}, request);
+
+  const IOS::ES::TMDReader tmd{std::move(tmd_bytes)};
+  if (!tmd.IsValid())
+    return GetDefaultReply(ES_EINVAL);
+
+  std::vector<u8> cert_store;
+  ReturnCode ret = ReadCertStore(&cert_store);
+  if (ret != IPC_SUCCESS)
+    return GetDefaultReply(ret);
+
+  ret = VerifyContainer(VerifyContainerType::TMD, VerifyMode::UpdateCertStore, tmd, cert_store);
+  if (ret != IPC_SUCCESS)
+    return GetDefaultReply(ret);
+
+  return GetStoredContents(tmd, request);
 }
 
 IPCCommandResult ES::GetTitleCount(const std::vector<u64>& titles, const IOCtlVRequest& request)