From 6c0ebe2be6d22910a40549a1fd4c3abccec45ac1 Mon Sep 17 00:00:00 2001
From: Dmitry Kasatkin
Date: Fri, 17 Jan 2014 12:35:21 +0200
Subject: [PATCH] Prevent reading of inode generation for special files in HMAC signing

Kernel API does not support at the momement reading of inode generation number of special files, so do not do it also when do HMAC signing.

Signed-off-by: Dmitry Kasatkin
---
 src/evmctl.c | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

diff --git a/src/evmctl.c b/src/evmctl.c
index 1a94d58..9be5e8b 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -1429,8 +1429,8 @@ out:
 static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *hash)
 {
 struct stat st;
- int fd, err = -1;
- uint32_t generation;
+ int err = -1;
+ uint32_t generation = 0;
 HMAC_CTX ctx;
 unsigned int mdlen;
 char **xattrname;
@@ -1456,24 +1456,26 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h
 memcpy(evmkey, key, keylen);
 memset(evmkey + keylen, 0, sizeof(evmkey) - keylen);
 
- fd = open(file, 0);
- if (fd < 0) {
- log_err("Unable to open %s\n", file);
+ if (lstat(file, &st)) {
+ log_err("lstat() failed\n");
 goto out;
 }
 
- if (fstat(fd, &st)) {
- log_err("fstat() failed\n");
- goto out;
+ if (S_ISREG(st.st_mode) || S_ISDIR(st.st_mode)) {
+ /* we cannot at the momement to get generation of special files..
+ * kernel API does not support it */
+ int fd = open(file, 0);
+ if (fd < 0) {
+ log_err("Unable to open %s\n", file);
+ goto out;
+ }
+ if (ioctl(fd, EXT34_IOC_GETVERSION, &generation)) {
+ log_err("ioctl() failed\n");
+ goto out;
+ }
+ close(fd);
 }
 
- if (ioctl(fd, EXT34_IOC_GETVERSION, &generation)) {
- log_err("ioctl() failed\n");
- goto out;
- }
-
- close(fd);
-
 log_info("generation: %u\n", generation);
 
 list_size = llistxattr(file, list, sizeof(list));
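Review bot: In the second hunk the file-type decision is made on the `lstat()` result, but `open(file, 0)` then resolves the path a second time, so the `S_ISREG || S_ISDIR` check is not bound to the object the ioctl actually runs on. If the path is replaced between the two calls (by a symlink, FIFO or device node), the tool opens exactly the kind of file this change is meant to avoid, and the generation fed into the HMAC belongs to a different inode than the one in `st`. Opening with `O_NOFOLLOW | O_NONBLOCK` and comparing `st_dev`/`st_ino` from an `fstat()` on the descriptor would close that gap. In the same block, the `ioctl()` failure path jumps to `out` with `fd` still open, and since `fd` is now scoped to the block nothing after the label can close it. The rest of calc_evm_hmac, including the `out:` label, lies outside the hunk.

```c
	if (S_ISREG(st.st_mode) || S_ISDIR(st.st_mode)) {
		struct stat fst;
		int fd = open(file, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
		if (fd < 0) {
			log_err("Unable to open %s\n", file);
			goto out;
		}
		/* the descriptor must refer to the inode lstat() examined */
		if (fstat(fd, &fst) || fst.st_dev != st.st_dev ||
		    fst.st_ino != st.st_ino) {
			log_err("%s changed between lstat() and open()\n", file);
			close(fd);
			goto out;
		}
		if (ioctl(fd, EXT34_IOC_GETVERSION, &generation)) {
			log_err("ioctl() failed\n");
			close(fd);
			goto out;
		}
		close(fd);
	}
```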