From: Vivek G. <vg...@re...> - 2013-07-10 20:57:33
Oops, sent it to dmitry's old email address. Vivek ----- Forwarded message from Vivek Goyal <vg...@re...> ----- Date: Wed, 10 Jul 2013 16:31:24 -0400 From: Vivek Goyal <vg...@re...> To: "Kasatkin, Dmitry" <dmi...@in...> Cc: lin...@li... Subject: [PATCH] evmctl: Fix hash array size in verify_ima() User-Agent: Mutt/1.5.21 (2010-09-15) Message-ID: <201...@re...> Now evmctl supports different hash algorithms and sha512 will produce 64 byte digest. verify_ima() still allocates only 20bytes to store hash. This does not work with larger hashes. Signed-off-by: Vivek Goyal <vg...@re...> --- src/evmctl.c | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) Index: ima-evm-utils/src/evmctl.c =================================================================== --- ima-evm-utils.orig/src/evmctl.c 2013-07-10 16:09:28.295186620 -0400 +++ ima-evm-utils/src/evmctl.c 2013-07-10 16:10:07.471634450 -0400 @@ -1213,13 +1213,13 @@ static int cmd_verify_evm(struct command static int verify_ima(const char *file, const char *key) { - unsigned char hash[20]; + unsigned char hash[64]; unsigned char sig[1024]; - int len; + int len, hashlen; - len = calc_hash(file, hash); - if (len <= 1) - return len; + hashlen = calc_hash(file, hash); + if (hashlen <= 1) + return hashlen; if (xattr) { len = getxattr(file, "security.ima", sig, sizeof(sig)); @@ -1242,7 +1242,7 @@ static int verify_ima(const char *file, return -1; } - return verify_hash(hash, sizeof(hash), sig + 1, len - 1, key); + return verify_hash(hash, hashlen, sig + 1, len - 1, key); } static int cmd_verify_ima(struct command *cmd) ----- End forwarded message ----- |
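Review bot: in the first hunk (@@ -1213,13 +1213,13 @@), `unsigned char hash[64];` replaces one hard-coded size with another, and `calc_hash(file, hash)` is still called without the buffer size, so any digest longer than 64 bytes would overrun the array just as sha512 overran the 20-byte one. Suggest a named constant for the largest supported digest (OpenSSL's EVP_MAX_MD_SIZE, if the hashing goes through EVP) and, preferably, passing `sizeof(hash)` into calc_hash() so it can refuse to write past the end. The carried-over `if (hashlen <= 1) return hashlen;` also returns 0 or 1 directly; it is worth confirming that callers treat both values as failure.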
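Review bot: in the second hunk (@@ -1242,7 +1242,7 @@), the change from `sizeof(hash)` to `hashlen` in the `verify_hash(...)` call is a behaviour change that the commit message does not describe; the message only mentions the array allocation. Once the array is 64 bytes, `sizeof(hash)` would pass 64 for every algorithm, including those with shorter digests, so this line is needed for correctness and deserves a sentence in the changelog. The visible lines also do not show any check that `hashlen` matches the digest length expected by the signature read from `security.ima`; if verify_hash() does not enforce that itself, a check before the call would be a reasonable addition.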