mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-04-27 22:32:31 +02:00

ima-evm-utils: Pass status codes from sign and hash functions to the callers

Move sign_hash()/ima_calc_hash()/calc_evm_hmac()/calc_evm_hash() status
checking before assert()'ing of their return values, so it can be passed
to the upper level callers. Especially useful for showing errors.

Fixes: 1d9c279279 ("Define hash and sig buffer sizes and add asserts")
Fixes: 9643544701 ("Fix hash buffer overflow in verify_evm and hmac_evm")
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>

ima-evm-utils: Fix assert after ima_calc_hash
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Vitaly Chikunov 2019-07-03 18:50:14 +03:00 committed by Mimi Zohar
parent 28d3a1b293
commit 5f126d1d25
2 changed files with 9 additions and 9 deletions


@ -514,14 +514,14 @@ static int sign_evm(const char *file, const char *key)
int len, err;
len = calc_evm_hash(file, hash);
assert(len <= sizeof(hash));
if (len <= 1)
return len;
assert(len <= sizeof(hash));
len = sign_hash(params.hash_algo, hash, len, key, NULL, sig + 1);
assert(len < sizeof(sig));
if (len <= 1)
return len;
assert(len < sizeof(sig));
/* add header */
len++;
@ -563,9 +563,9 @@ static int hash_ima(const char *file)
}
len = ima_calc_hash(file, hash + offset);
assert(len + offset <= sizeof(hash));
if (len <= 1)
return len;
assert(len + offset <= sizeof(hash));
len += offset;
@ -593,14 +593,14 @@ static int sign_ima(const char *file, const char *key)
int len, err;
len = ima_calc_hash(file, hash);
assert(len <= sizeof(hash));
if (len <= 1)
return len;
assert(len <= sizeof(hash));
len = sign_hash(params.hash_algo, hash, len, key, NULL, sig + 1);
assert(len < sizeof(sig));
if (len <= 1)
return len;
assert(len < sizeof(sig));
/* add header */
len++;
@ -724,9 +724,9 @@ static int cmd_sign_hash(struct command *cmd)
hex2bin(hash, line, hashlen / 2);
siglen = sign_hash(params.hash_algo, hash, hashlen/2,
key, NULL, sig + 1);
assert(siglen < sizeof(sig));
if (siglen <= 1)
return siglen;
assert(siglen < sizeof(sig));
fwrite(line, len, 1, stdout);
fprintf(stdout, " ");
@ -778,9 +778,9 @@ static int verify_evm(const char *file)
int len;
mdlen = calc_evm_hash(file, hash);
assert(mdlen <= sizeof(hash));
if (mdlen <= 1)
return mdlen;
assert(mdlen <= sizeof(hash));
len = lgetxattr(file, xattr_evm, sig, sizeof(sig));
if (len < 0) {
@ -1160,9 +1160,9 @@ static int hmac_evm(const char *file, const char *key)
int len, err;
len = calc_evm_hmac(file, key, hash);
assert(len <= sizeof(hash));
if (len <= 1)
return len;
assert(len <= sizeof(hash));
log_info("hmac: ");
log_dump(hash, len);
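Review bot: The buffer bounds in sign_evm are still enforced only by `assert(len <= sizeof(hash))` and `assert(len < sizeof(sig))`, which run after calc_evm_hash() and sign_hash() have already written into the buffers and are compiled out when the tool is built with NDEBUG. The same pattern appears in hash_ima, sign_ima, cmd_sign_hash, verify_evm and hmac_evm. None of the calls shown passes the destination capacity to the callee, so an oversized result would at best be noticed after the overflow. Consider passing the buffer size into the hash and sign helpers, or at least keeping a check that survives release builds, such as `if ((size_t)len > sizeof(hash)) return -1;`. The function bodies and the callees lie outside these hunks, so this is judged from the visible lines only.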


@ -618,9 +618,9 @@ int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
return verify_hash(file, digest, digestlen, sig + 1, siglen - 1);
hashlen = ima_calc_hash(file, hash);
assert(hashlen <= sizeof(hash));
if (hashlen <= 1)
return hashlen;
assert(hashlen <= sizeof(hash));
return verify_hash(file, hash, hashlen, sig + 1, siglen - 1);
}
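Review bot: `if (hashlen <= 1) return hashlen;` in ima_verify_signature forwards a result of 0 unchanged, and a caller that treats 0 as a successful verification would then accept a file whose hash was never computed. Whether ima_calc_hash() can actually return 0 is not visible in this hunk. If it can, that case should be mapped to an error before returning, for example `if (hashlen == 0) return -1;`. verify_evm in the other file has the same shape with `mdlen`. A short comment stating the return convention would also help, e.g. `/* ima_calc_hash() returns the digest length, or a value <= 1 on failure */`, once that convention is confirmed against the callee.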