dh/ima-evm-utils-mirror
1
0
Fork 0
mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-06-30 21:02:33 +02:00
Code Releases Activity

ima-evm-utils: Define hash and sig buffer sizes and add asserts

Browse Source 
To prevent hash and sig buffers size mismatch, define their maximum
sizes and add sanity checking asserts.

Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Vitaly Chikunov
2018-12-03 06:35:20 +03:00
committed by Mimi Zohar
parent 9643544701
commit 1d9c279279
3 changed files with 28 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/libimaevm.c
View File

@ -49,6 +49,7 @@
#include <dirent.h>
#include <string.h>
#include <stdio.h>
#include <assert.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
@ -590,7 +591,7 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned
int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
unsigned char *digest, int digestlen)
{
unsigned char hash[64];
unsigned char hash[MAX_DIGEST_SIZE];
int hashlen, sig_hash_algo;
if (sig[0] != 0x03) {
@ -614,6 +615,7 @@ int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
return verify_hash(file, digest, digestlen, sig + 1, siglen - 1);
hashlen = ima_calc_hash(file, hash);
assert(hashlen <= sizeof(hash));
if (hashlen <= 1)
return hashlen;