mirror of
https://git.code.sf.net/p/linux-ima/ima-evm-utils
synced 2025-10-24 19:08:22 +02:00
libimaevm: do not crash if the certificate cannot be read
This code path can be triggered if someone inadvertedly swaps the key with the certificate in the evmctl command line. Our `x` variable would be NULL, and we need to abort further processing of the certificate. Signed-off-by: Alberto Mardegan <a.mardegan@omp.ru> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:

committed by
Mimi Zohar

parent
3f162e8e3d
commit
eea9827d99
@@ -923,6 +923,7 @@ static int read_keyid_from_cert(uint32_t *keyid_be, const char *certfile, int tr
|
|||||||
ERR_print_errors_fp(stderr);
|
ERR_print_errors_fp(stderr);
|
||||||
log_err("read keyid: %s: Error reading x509 certificate\n",
|
log_err("read keyid: %s: Error reading x509 certificate\n",
|
||||||
certfile);
|
certfile);
|
||||||
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!(skid = x509_get_skid(x, &skid_len))) {
|
if (!(skid = x509_get_skid(x, &skid_len))) {
|
||||||
|
Reference in New Issue
Block a user