Blame SOURCES/fipscheck-1.4.1-empty-hmac.patch

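diff -up fipscheck-1.4.1/src/fipscheck.c.empty-hmac fipscheck-1.4.1/src/fipscheck.c
--- fipscheck-1.4.1/src/fipscheck.c.empty-hmac	2013-09-10 10:54:30.000000000 +0200
+++ fipscheck-1.4.1/src/fipscheck.c	2017-02-21 14:30:27.616371594 +0100
@@ -34,13 +34,15 @@
 #include "filehmac.h"
 #include "fipscheck.h"
 
+#define MAX_HMAC_LEN 1024
+
 static int
 verify_hmac(const char *path, const char *hmac_suffix)
 {
 	FILE *hf = NULL;
 	char *hmacpath, *p;
-	int rv = 0;
-	char *hmac = NULL;
+	int rv = 1;
+	char hmac[MAX_HMAC_LEN];
 	size_t n;
 	const char *hmacdir = PATH_HMACDIR;
 
@@ -62,7 +64,7 @@ verify_hmac(const char *path, const char
 		hmacdir = NULL;
 	} while (hf == NULL);
 
-	if (getline(&hmac, &n, hf) > 0) {
+	if (fgets(hmac, sizeof(hmac), hf) != NULL) {
 		void *buf;
 		size_t hmaclen;
 		char *hex;
@@ -84,14 +86,17 @@ verify_hmac(const char *path, const char
 
 		if (strcmp(hex, hmac) != 0) {
 			debug_log("Hmac mismatch on file '%s'", path);
-			rv = 1;
+		} else {
+			/* checksum matched */
+			rv = 0;
 		}
 		free(buf);
 		free(hex);
+	} else {
+		debug_log("Empty or broken hmac on file '%s'", path);
 	}
 
 end:
-	free(hmac);
 	fclose(hf);
 	return rv;
 }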
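Review bot: The fail-closed behaviour now rests entirely on the `int rv = 1;` initializer in the first hunk, and nothing there says so; a later edit that restores a zero default would silently bring back acceptance of an empty hmac file. I would put `/* fail closed: only an exact HMAC match below sets rv to 0 */` on that line. `MAX_HMAC_LEN` also deserves a one-line comment on its choice: a stored line longer than 1023 bytes is cut short by `fgets` and would most likely be logged as "Hmac mismatch" rather than as a broken file, which still fails closed but is worth stating. With `getline` gone, `size_t n` looks unused in the visible lines; parts of verify_hmac lie between the hunks, so confirm before removing it.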