Message ID | 20221103183904.103562-18-zohar@linux.ibm.com (mailing list archive) |
---|---|
State | New, archived |
Series | address deprecated warnings |
On 11/3/22 14:39, Mimi Zohar wrote: > Before attempting to use the key file, make sure it is a regular file. > > Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> > --- > src/libimaevm.c | 12 ++++++++++++ > 1 file changed, 12 insertions(+) > > diff --git a/src/libimaevm.c b/src/libimaevm.c > index 8070ffd61a2c..c09ed98fe508 100644 > --- a/src/libimaevm.c > +++ b/src/libimaevm.c > @@ -250,6 +250,7 @@ EVP_PKEY *read_pub_pkey(const char *keyfile, int x509) > { > FILE *fp; > EVP_PKEY *pkey = NULL; > + struct stat st; > > if (!keyfile) > return NULL; > @@ -261,6 +262,17 @@ EVP_PKEY *read_pub_pkey(const char *keyfile, int x509) > return NULL; > } > > + if (fstat(fileno(fp), &st) == -1) { > + log_err("Failed to fstat key file: %s\n", keyfile); no errno reset needed here I guess... > + goto out; > + } > + > + if ((st.st_mode & S_IFMT) != S_IFREG) { > + if (imaevm_params.verbose > LOG_INFO) > + log_err("Key file is not regular file: %s\n", keyfile); > + goto out; > + } > + > if (x509) { > X509 *crt = d2i_X509_fp(fp, NULL); > Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
diff --git a/src/libimaevm.c b/src/libimaevm.c index 8070ffd61a2c..c09ed98fe508 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c @@ -250,6 +250,7 @@ EVP_PKEY *read_pub_pkey(const char *keyfile, int x509) { FILE *fp; EVP_PKEY *pkey = NULL; + struct stat st; if (!keyfile) return NULL; @@ -261,6 +262,17 @@ EVP_PKEY *read_pub_pkey(const char *keyfile, int x509) return NULL; } + if (fstat(fileno(fp), &st) == -1) { + log_err("Failed to fstat key file: %s\n", keyfile); + goto out; + } + + if ((st.st_mode & S_IFMT) != S_IFREG) { + if (imaevm_params.verbose > LOG_INFO) + log_err("Key file is not regular file: %s\n", keyfile); + goto out; + } + if (x509) { X509 *crt = d2i_X509_fp(fp, NULL);
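Review bot: in the second hunk (@@ -261,6 +262,17) the two new failure paths log inconsistently: the fstat() failure is reported unconditionally, while the "Key file is not regular file" message is only emitted when `imaevm_params.verbose > LOG_INFO`, so at default verbosity a directory, FIFO or device node passed as the key file makes read_pub_pkey() fail through `goto out` with no diagnostic at all. Consider logging the non-regular-file case unconditionally as well, or adding a comment explaining why it is kept quiet. The fstat() message would also be more useful with the reason appended, for example `strerror(errno)`. Finally, the check runs on `fileno(fp)`, which means the file has already been opened by the time the type is tested; checking the open descriptor avoids a race between check and use, but it does not protect the open itself, which can block on a FIFO that has no writer. If that case matters here, it deserves a mention in the commit message or a non-blocking open ahead of the fstat().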
Before attempting to use the key file, make sure it is a regular file. Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> --- src/libimaevm.c | 12 ++++++++++++ 1 file changed, 12 insertions(+)