| Message ID | 20200715213906.194041-4-bmeneg@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | ima-evm-utils: miscellanous bug fixes | expand |
On Wed, 2020-07-15 at 18:39 -0300, Bruno Meneguele wrote: > diff --git a/src/evmctl.c b/src/evmctl.c > index 2f5bd52..2bd37c2 100644 > --- a/src/evmctl.c > +++ b/src/evmctl.c > @@ -2252,7 +2252,8 @@ static int cmd_ima_bootaggr(struct command *cmd) > bootaggr_len += strlen(tpm_banks[i].algo_name) + 1; > bootaggr_len += (tpm_banks[i].digest_size * 2) + 1; > } > - bootaggr = malloc(bootaggr_len); > + /* Make room for the leading \0 */ ^Trailing null Mimi > + bootaggr = malloc(bootaggr_len + 1); > > /* > * Calculate and convert the per TPM 2.0 PCR bank algorithm
On Wed, Jul 15, 2020 at 06:30:07PM -0400, Mimi Zohar wrote: > On Wed, 2020-07-15 at 18:39 -0300, Bruno Meneguele wrote: > > diff --git a/src/evmctl.c b/src/evmctl.c > > index 2f5bd52..2bd37c2 100644 > > --- a/src/evmctl.c > > +++ b/src/evmctl.c > > @@ -2252,7 +2252,8 @@ static int cmd_ima_bootaggr(struct command *cmd) > > bootaggr_len += strlen(tpm_banks[i].algo_name) + 1; > > bootaggr_len += (tpm_banks[i].digest_size * 2) + 1; > > } > > - bootaggr = malloc(bootaggr_len); > > + /* Make room for the leading \0 */ > > ^Trailing null > hahah.. of course. Thanks :) > Mimi > > > + bootaggr = malloc(bootaggr_len + 1); > > > > /* > > * Calculate and convert the per TPM 2.0 PCR bank algorithm >
diff --git a/src/evmctl.c b/src/evmctl.c index 2f5bd52..2bd37c2 100644 --- a/src/evmctl.c +++ b/src/evmctl.c @@ -2252,7 +2252,8 @@ static int cmd_ima_bootaggr(struct command *cmd) bootaggr_len += strlen(tpm_banks[i].algo_name) + 1; bootaggr_len += (tpm_banks[i].digest_size * 2) + 1; } - bootaggr = malloc(bootaggr_len); + /* Make room for the leading \0 */ + bootaggr = malloc(bootaggr_len + 1); /* * Calculate and convert the per TPM 2.0 PCR bank algorithm @@ -2266,6 +2267,7 @@ static int cmd_ima_bootaggr(struct command *cmd) calc_bootaggr(&tpm_banks[i]); offset += append_bootaggr(bootaggr + offset, tpm_banks + i); } + bootaggr[bootaggr_len] = '\0'; printf("%s", bootaggr); free(bootaggr); return 0;
There was no room for placing the '\0' at the end of boot_aggregate value, thus printf() was reading 1 byte beyond the array limit. Signed-off-by: Bruno Meneguele <bmeneg@redhat.com> --- src/evmctl.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)