diff mbox series

[v6,01/11] ima-evm-utils: Make sure sig buffer is always MAX_SIGNATURE_SIZE

Message ID 20190620071304.24495-2-vt@altlinux.org (mailing list archive)
State New, archived
Headers show
Series ima-evm-utils: Convert v2 signatures from RSA to EVP_PKEY API | expand

Commit Message

Vitaly Chikunov June 20, 2019, 7:12 a.m. UTC 
Fix off-by-one error of the output buffer passed to sign_hash().

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
---
 src/evmctl.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff mbox series

Patch

diff --git a/src/evmctl.c b/src/evmctl.c
index 15a7226..03f41fe 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -510,7 +510,7 @@  static int calc_evm_hash(const char *file, unsigned char *hash)
 static int sign_evm(const char *file, const char *key)
 {
 	unsigned char hash[MAX_DIGEST_SIZE];
-	unsigned char sig[MAX_SIGNATURE_SIZE];
+	unsigned char sig[MAX_SIGNATURE_SIZE + 1];
 	int len, err;
 
 	len = calc_evm_hash(file, hash);
@@ -519,7 +519,7 @@  static int sign_evm(const char *file, const char *key)
 		return len;
 
 	len = sign_hash(params.hash_algo, hash, len, key, NULL, sig + 1);
-	assert(len < sizeof(sig));
+	assert(len <= MAX_SIGNATURE_SIZE);
 	if (len <= 1)
 		return len;