| Message ID | 20210716140531.945013-1-zohar@linux.ibm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | [ima-evm-utils,1/3] Fix out-of-bounds read | expand |
diff --git a/src/evmctl.c b/src/evmctl.c index 04f14af9ab29..e1464ade4837 100644 --- a/src/evmctl.c +++ b/src/evmctl.c @@ -1108,7 +1108,8 @@ static int calc_evm_hmac(const char *file, const char *keyfile, unsigned char *h /* EVM key is 128 bytes */ memcpy(evmkey, key, keylen); - memset(evmkey + keylen, 0, sizeof(evmkey) - keylen); + if (keylen < sizeof(evmkey)) + memset(evmkey + keylen, 0, sizeof(evmkey) - keylen); if (lstat(file, &st)) { log_err("Failed to stat: %s\n", file);
Coverity reported "overrunning an array". Properly clear only the remaining unused buffer memory. Fixes: 874c0fd45cab ("EVM hmac calculation") Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> --- src/evmctl.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-)