dh/ima-evm-utils
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix hash array size in verify_ima()

Browse Source 
Now evmctl supports different hash algorithms and sha512 will produce
64 byte digest. verify_ima() still allocates only 20bytes to store hash.
This does not work with larger hashes.

Signed-off-by: Vivek Goyal <vgoyal@redhat.com>
This commit is contained in:
Vivek Goyal 2013-07-12 14:52:06 -04:00 committed by Dmitry Kasatkin
parent 16d40dbdf6
commit b48f4f9c7e
1 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/evmctl.c
View File

@ -1213,13 +1213,13 @@ static int cmd_verify_evm(struct command *cmd)
static int verify_ima(const char *file, const char *key) static int verify_ima(const char *file, const char *key)
{ {
unsigned char hash[20]; unsigned char hash[64];
unsigned char sig[1024]; unsigned char sig[1024];
int len; int len, hashlen;
len = calc_hash(file, hash); hashlen = calc_hash(file, hash);
if (len <= 1) if (hashlen <= 1)
return len; return hashlen;
if (xattr) { if (xattr) {
len = getxattr(file, "security.ima", sig, sizeof(sig)); len = getxattr(file, "security.ima", sig, sizeof(sig));
@ -1242,7 +1242,7 @@ static int verify_ima(const char *file, const char *key)
return -1; return -1;
} }
return verify_hash(hash, sizeof(hash), sig + 1, len - 1, key); return verify_hash(hash, hashlen, sig + 1, len - 1, key);
} }
static int cmd_verify_ima(struct command *cmd) static int cmd_verify_ima(struct command *cmd)