Blame SOURCES/fipscheck-1.4.1-empty-hmac.patch
|
 |
297ef1 |
diff -up fipscheck-1.4.1/src/fipscheck.c.empty-hmac fipscheck-1.4.1/src/fipscheck.c
|
|
|
297ef1 |
--- fipscheck-1.4.1/src/fipscheck.c.empty-hmac 2013-09-10 10:54:30.000000000 +0200
|
|
|
297ef1 |
+++ fipscheck-1.4.1/src/fipscheck.c 2017-02-21 14:30:27.616371594 +0100
|
|
|
297ef1 |
@@ -34,13 +34,15 @@
|
|
|
297ef1 |
#include "filehmac.h"
|
|
|
297ef1 |
#include "fipscheck.h"
|
|
|
297ef1 |
|
|
|
297ef1 |
+#define MAX_HMAC_LEN 1024
|
|
|
297ef1 |
+
|
|
|
297ef1 |
static int
|
|
|
297ef1 |
verify_hmac(const char *path, const char *hmac_suffix)
|
|
|
297ef1 |
{
|
|
|
297ef1 |
FILE *hf = NULL;
|
|
|
297ef1 |
char *hmacpath, *p;
|
|
|
297ef1 |
- int rv = 0;
|
|
|
297ef1 |
- char *hmac = NULL;
|
|
|
297ef1 |
+ int rv = 1;
|
|
|
297ef1 |
+ char hmac[MAX_HMAC_LEN];
|
|
|
297ef1 |
size_t n;
|
|
|
297ef1 |
const char *hmacdir = PATH_HMACDIR;
|
|
|
297ef1 |
|
|
|
297ef1 |
@@ -62,7 +64,7 @@ verify_hmac(const char *path, const char
|
|
|
297ef1 |
hmacdir = NULL;
|
|
|
297ef1 |
} while (hf == NULL);
|
|
|
297ef1 |
|
|
|
297ef1 |
- if (getline(&hmac, &n, hf) > 0) {
|
|
|
297ef1 |
+ if (fgets(hmac, sizeof(hmac), hf) != NULL) {
|
|
|
297ef1 |
void *buf;
|
|
|
297ef1 |
size_t hmaclen;
|
|
|
297ef1 |
char *hex;
|
|
|
297ef1 |
@@ -84,14 +86,17 @@ verify_hmac(const char *path, const char
|
|
|
297ef1 |
|
|
|
297ef1 |
if (strcmp(hex, hmac) != 0) {
|
|
|
297ef1 |
debug_log("Hmac mismatch on file '%s'", path);
|
|
|
297ef1 |
- rv = 1;
|
|
|
297ef1 |
+ } else {
|
|
|
297ef1 |
+ /* checksum matched */
|
|
|
297ef1 |
+ rv = 0;
|
|
|
297ef1 |
}
|
|
|
297ef1 |
free(buf);
|
|
|
297ef1 |
free(hex);
|
|
|
297ef1 |
+ } else {
|
|
|
297ef1 |
+ debug_log("Empty or broken hmac on file '%s'", path);
|
|
|
297ef1 |
}
|
|
|
297ef1 |
|
|
|
297ef1 |
end:
|
|
|
297ef1 |
- free(hmac);
|
|
|
297ef1 |
fclose(hf);
|
|
|
297ef1 |
return rv;
|
|
|
297ef1 |
}
|