dh/ima-evm-utils-mirror
1
0
Fork 0
mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-04-27 22:32:31 +02:00
Code Releases Activity

ima-evm-utils: Fix null dereference from file2bin to memcpy

Browse Source 
file2bin() may return NULL, which is set to tmp, which is passed to
memcpy. Add explicit check for it.

Fixes: CID 229904.
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Vitaly Chikunov 2019-07-15 23:05:49 +03:00 committed by Mimi Zohar
parent 164c51ff2b
commit d47951c6e1
1 changed files with 9 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
src/evmctl.c
View File

@ -821,7 +821,15 @@ static int verify_ima(const char *file)
if (sigfile) {
void *tmp = file2bin(file, "sig", &len);
assert(len <= sizeof(sig));
if (!tmp) {
log_err("Failed reading: %s\n", file);
return -1;
}
if (len > sizeof(sig)) {
log_err("Signature file is too big: %s\n", file);
free(tmp);
return -1;
}
memcpy(sig, tmp, len);
free(tmp);
} else {