vbatts/sbsigntools
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

sbkeysync: Improve error handling in read_firmware_key_database

Browse source 
We should free filename, and buf on error.

Also, check for the length of the file's data; we may be passed empty
files, and end up with a negative len.

Signed-off-by: Jeremy Kerr <jeremy.kerr@canonical.com>
This commit is contained in:
Jeremy Kerr 2012-08-23 18:52:48 +08:00
parent 16c09d22a6
commit 41c741fe13
1 changed files with 15 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

18
src/sbkeysync.c
View file

@ -321,6 +321,7 @@ static int read_firmware_key_database(struct key_database *kdb,
char guid_str[GUID_STRLEN]; char guid_str[GUID_STRLEN];
char *filename; char *filename;
uint8_t *buf; uint8_t *buf;
int rc = -1;
size_t len; size_t len;
guid_to_str(&kdb->type->guid, guid_str); guid_to_str(&kdb->type->guid, guid_str);
@ -328,16 +329,27 @@ static int read_firmware_key_database(struct key_database *kdb,
filename = talloc_asprintf(kdb, "%s/%s-%s", dir, filename = talloc_asprintf(kdb, "%s/%s-%s", dir,
kdb->type->name, guid_str); kdb->type->name, guid_str);
if (fileio_read_file_noerror(ctx, filename, &buf, &len)) buf = NULL;
return -1; rc = fileio_read_file_noerror(kdb, filename, &buf, &len);
if (rc)
goto out;
/* efivars files start with a 32-bit attribute block */ /* efivars files start with a 32-bit attribute block */
if (len < sizeof(uint32_t))
goto out;
buf += sizeof(uint32_t); buf += sizeof(uint32_t);
len -= sizeof(uint32_t); len -= sizeof(uint32_t);
rc = 0;
sigdb_iterate(buf, len, sigdb_add_key, kdb); sigdb_iterate(buf, len, sigdb_add_key, kdb);
return 0; out:
if (rc)
talloc_free(buf);
talloc_free(filename);
return rc;
} }
struct keystore_add_ctx { struct keystore_add_ctx {