From patchwork Mon Jan 9 07:52:48 2023
X-Patchwork-Submitter: Alberto Mardegan
X-Patchwork-Id: 13093111
From: Alberto Mardegan
To: "linux-integrity@vger.kernel.org"
Subject: [PATCH] libimaevm: do not crash if the certificate cannot be read
Date: Mon, 9 Jan 2023 07:52:48 +0000
Message-ID: <20230109075230.20484-1-a.mardegan@omp.ru>
X-Mailing-List: linux-integrity@vger.kernel.org

This code path can be triggered if someone inadvertently swaps the key with the certificate in the evmctl command line. Our `x` variable would be NULL, and we need to abort further processing of the certificate.

Signed-off-by: Alberto Mardegan
--- src/libimaevm.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/libimaevm.c b/src/libimaevm.c index c09ed98..5b22462 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c @@ -923,6 +923,7 @@ static int read_keyid_from_cert(uint32_t *keyid_be, const char *certfile, int tr ERR_print_errors_fp(stderr); log_err("read keyid: %s: Error reading x509 certificate\n", certfile); + return -1; } if (!(skid = x509_get_skid(x, &skid_len))) {
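
Review bot: the added `return -1;` leaves read_keyid_from_cert() from inside the error branch, right after the log_err() call, so please confirm that nothing acquired earlier in the function still needs releasing on this path. The hunk context does not show how certfile was opened or where it is closed; if a handle is still open at this point, close it before returning or jump to a shared cleanup label instead. Separately, the commit message says `x` would be NULL, and the next visible statement passes `x` to x509_get_skid(). The new return covers only the branch that prints "Error reading x509 certificate", so an explicit `if (!x)` check placed directly before the x509_get_skid() call would protect every path that can leave `x` unset, not just this one.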