diff -up fipscheck-1.4.1/src/fipscheck.c.empty-hmac fipscheck-1.4.1/src/fipscheck.c
--- fipscheck-1.4.1/src/fipscheck.c.empty-hmac 2013-09-10 10:54:30.000000000 +0200
+++ fipscheck-1.4.1/src/fipscheck.c 2017-02-21 14:30:27.616371594 +0100
@@ -34,13 +34,15 @@
 #include "filehmac.h"
 #include "fipscheck.h"
 
+#define MAX_HMAC_LEN 1024
+
 static int
 verify_hmac(const char *path, const char *hmac_suffix)
 {
 FILE *hf = NULL;
 char *hmacpath, *p;
- int rv = 0;
- char *hmac = NULL;
+ int rv = 1;
+ char hmac[MAX_HMAC_LEN];
 size_t n;
 const char *hmacdir = PATH_HMACDIR;
 
@@ -62,7 +64,7 @@ verify_hmac(const char *path, const char
 hmacdir = NULL;
 } while (hf == NULL);
 
- if (getline(&hmac, &n, hf) > 0) {
+ if (fgets(hmac, sizeof(hmac), hf) != NULL) {
 void *buf;
 size_t hmaclen;
 char *hex;
@@ -84,14 +86,17 @@ verify_hmac(const char *path, const char
 
 if (strcmp(hex, hmac) != 0) {
 debug_log("Hmac mismatch on file '%s'", path);
- rv = 1;
+ } else {
+ /* checksum matched */
+ rv = 0;
 }
 free(buf);
 free(hex);
+ } else {
+ debug_log("Empty or broken hmac on file '%s'", path);
 }
 
 end:
- free(hmac);
 fclose(hf);
 return rv;
 }
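Review bot: `size_t n;` stays in the declarations, but its only use visible in this patch, the length argument to getline(), is removed in the next hunk, so it is probably dead now and would raise an unused-variable warning; drop the line unless code outside the hunks still reads it. The new default `int rv = 1;` is what makes the check fail closed, and it deserves a comment so a later edit does not flip it back, for example `int rv = 1; /* fail closed: only a matching HMAC sets rv to 0 */`. A one-line comment on `MAX_HMAC_LEN` saying that it bounds one line of the .hmac file, including the newline and the terminating NUL, would help as well. verify_hmac's body continues outside this hunk.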
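Review bot: The `fgets(hmac, sizeof(hmac), hf) != NULL` test accepts any line that could be read, including one that holds only a newline and one longer than MAX_HMAC_LEN - 1 bytes, which fgets() cuts off without reporting it. Both cases look as if they still fail closed at the strcmp() in the last hunk, but they are logged as a mismatch instead of as a broken .hmac file, and the lines that post-process `hmac` lie between the hunks and are not visible here. A guard right after the read would make the intent explicit: `if (hmac[0] == '\n' || hmac[0] == '\0') { debug_log("Empty or broken hmac on file '%s'", path); goto end; }`.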
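Review bot: The new outer `else` branch is taken for every NULL return from fgets(), so an I/O error on the .hmac file is logged with the same "Empty or broken hmac" text as a zero-length file. rv stays 1 in both cases, which is the right outcome, but checking `ferror(hf)` in that branch and logging a read error separately would help when triaging a failed integrity check. The inner comment could also read `/* HMAC matched */`, since the value compared is an HMAC rather than a plain checksum.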