From d77b7ac90e746ffc5fca6d56a6b51542a010780d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Lam?= <leo@innovatetechnologi.es>
Date: Sun, 11 Jun 2017 22:13:17 +0200
Subject: [PATCH] IOS/ES: Verify containers in SetUpStreamKey

---
 Source/Core/Core/IOS/ES/ES.cpp | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/Source/Core/Core/IOS/ES/ES.cpp b/Source/Core/Core/IOS/ES/ES.cpp
index 1053c0dbc1..a1a7d78054 100644
--- a/Source/Core/Core/IOS/ES/ES.cpp
+++ b/Source/Core/Core/IOS/ES/ES.cpp
@@ -738,6 +738,19 @@ ReturnCode ES::SetUpStreamKey(const u32 uid, const u8* ticket_view, const IOS::E
   if (ticket_bytes.empty())
     return ES_NO_TICKET;
 
+  std::vector<u8> cert_store;
+  ret = ReadCertStore(&cert_store);
+  if (ret != IPC_SUCCESS)
+    return ret;
+
+  ret = VerifyContainer(VerifyContainerType::TMD, VerifyMode::UpdateCertStore, tmd, cert_store);
+  if (ret != IPC_SUCCESS)
+    return ret;
+  ret = VerifyContainer(VerifyContainerType::Ticket, VerifyMode::UpdateCertStore, installed_ticket,
+                        cert_store);
+  if (ret != IPC_SUCCESS)
+    return ret;
+
   // Create the handle and return it.
   std::array<u8, 16> iv{};
   std::memcpy(iv.data(), &title_id, sizeof(title_id));