Message ID | 20190614015410.26039-2-vt@altlinux.org (mailing list archive) |
---|---|
State | New, archived |
Series | ima-avm-utils: Convert sign v2 from RSA to EVP_PKEY API | expand |
On Fri, 2019-06-14 at 04:54 +0300, Vitaly Chikunov wrote: > Fix off-by-one error of the output buffer passed to sign_hash(). > > Signed-off-by: Vitaly Chikunov <vt@altlinux.org> > --- > src/evmctl.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/src/evmctl.c b/src/evmctl.c > index 15a7226..b6333bf 100644 > --- a/src/evmctl.c > +++ b/src/evmctl.c > @@ -510,7 +510,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash) > static int sign_evm(const char *file, const char *key) > { > unsigned char hash[MAX_DIGEST_SIZE]; > - unsigned char sig[MAX_SIGNATURE_SIZE]; > + unsigned char sig[MAX_SIGNATURE_SIZE + 1]; > int len, err; > > len = calc_evm_hash(file, hash); > @@ -519,7 +519,7 @@ static int sign_evm(const char *file, const char *key) > return len; > > len = sign_hash(params.hash_algo, hash, len, key, NULL, sig + 1); > - assert(len < sizeof(sig)); > + assert(len < MAX_SIGNATURE_SIZE); Should this be "<="? Mimi > if (len <= 1) > return len; >
diff --git a/src/evmctl.c b/src/evmctl.c
index 15a7226..b6333bf 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -510,7 +510,7 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
 static int sign_evm(const char *file, const char *key)
 {
 unsigned char hash[MAX_DIGEST_SIZE];
- unsigned char sig[MAX_SIGNATURE_SIZE];
+ unsigned char sig[MAX_SIGNATURE_SIZE + 1];
 int len, err;

 len = calc_evm_hash(file, hash);
@@ -519,7 +519,7 @@ static int sign_evm(const char *file, const char *key)
 return len;

 len = sign_hash(params.hash_algo, hash, len, key, NULL, sig + 1);
- assert(len < sizeof(sig));
+ assert(len < MAX_SIGNATURE_SIZE);
 if (len <= 1)
 return len;
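Review bot: The `assert()` in the second hunk is evaluated only after sign_hash() has already written through `sig + 1`, so it can only detect an overrun of the stack buffer after the fact, and it is compiled out entirely when NDEBUG is defined. The call passes no output length, so the enlarged `sig[MAX_SIGNATURE_SIZE + 1]` in the first hunk is safe only if sign_hash() itself limits what it writes to the MAX_SIGNATURE_SIZE bytes that remain after sig[0]; that contract is not visible in these hunks. I would record it at the declaration, e.g. `/* sig[0] is left free; sign_hash() fills from sig + 1 and is not told the buffer size */`, and consider giving sign_hash() a buffer-size parameter so the bound is enforced before the write rather than asserted afterwards. sign_evm() continues past the end of the second hunk, so how `sig` is consumed later cannot be checked from here.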
Fix off-by-one error of the output buffer passed to sign_hash().

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
---
 src/evmctl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)