sbkeysync: Improve error handling in read_firmware_key_database
We should free filename, and buf on error. Also, check for the length of the file's data; we may be passed empty files, and end up with a negative len. Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
This commit is contained in:
Jeremy Kerr
parent
16c09d22a6
commit
41c741fe13
1 changed files with 15 additions and 3 deletions
|
|
@ -321,6 +321,7 @@ static int read_firmware_key_database(struct key_database *kdb,
|
|||
char guid_str[GUID_STRLEN];
|
||||
char *filename;
|
||||
uint8_t *buf;
|
||||
int rc = -1;
|
||||
size_t len;
|
||||
|
||||
guid_to_str(&kdb->type->guid, guid_str);
|
||||
|
|
@ -328,16 +329,27 @@ static int read_firmware_key_database(struct key_database *kdb,
|
|||
filename = talloc_asprintf(kdb, "%s/%s-%s", dir,
|
||||
kdb->type->name, guid_str);
|
||||
|
||||
if (fileio_read_file_noerror(ctx, filename, &buf, &len))
|
||||
return -1;
|
||||
buf = NULL;
|
||||
rc = fileio_read_file_noerror(kdb, filename, &buf, &len);
|
||||
if (rc)
|
||||
goto out;
|
||||
|
||||
/* efivars files start with a 32-bit attribute block */
|
||||
if (len < sizeof(uint32_t))
|
||||
goto out;
|
||||
|
||||
buf += sizeof(uint32_t);
|
||||
len -= sizeof(uint32_t);
|
||||
|
||||
rc = 0;
|
||||
sigdb_iterate(buf, len, sigdb_add_key, kdb);
|
||||
|
||||
return 0;
|
||||
out:
|
||||
if (rc)
|
||||
talloc_free(buf);
|
||||
talloc_free(filename);
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
struct keystore_add_ctx {
|
||||
|
|
|
|||
Loading…
Reference in a new issue