libkcapi/libkcapi-1.1.0-kcapi-hasher_Fix_buffer_overrun_in_get_hmac_file.patch

From f8e032f150522c17094e36dcf62ec3ebc77e69d8 Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Mon, 16 Apr 2018 15:39:03 +0200
Subject: [PATCH] kcapi-hasher: Fix buffer overrun in get_hmac_file

We need to allocate space also for the terminating null character...
---
 apps/kcapi-hasher.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index 861db79..2b87a45 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -360,7 +360,7 @@ static char *get_hmac_file(const char *filename)
 		fprintf(stderr, "File too long\n");
 		return NULL;
 	}
-	checkfile = malloc(filelen + prefixlen + 1 + suffixlen);
+	checkfile = malloc(filelen + prefixlen + 1 + suffixlen + 1);
 	if (!checkfile)
 		return NULL;
Update to upstream version 1.1.0 This patch also fixes the computation of self-check .hmac files. Before, fipshmac was used for all binaries but since the hmaccalc tools use different parameters (SHA-512 instead of SHA-256 and a different key, this would lead to self-check failures for hmaccalc. The new post-install script calculates the hmaccalc files using sha512hmac and other .hmac files using fipshmac. The parameters for the self-check of the library were also consolidated upstream to use a single parameter set across tools (the fipscheck parameters) so that the library is checked correctly by all tools. I also dropped the kcapi-hasher binary and the hasher subpackage as it is really useless on its own (and the other hasher tools are always created as hard links). It would also be impossible to add a universally correct .hmac file since different tools would check against it with different parameters. 2018-04-12 13:30:14 +00:00			`From f8e032f150522c17094e36dcf62ec3ebc77e69d8 Mon Sep 17 00:00:00 2001`
			`From: Ondrej Mosnacek <omosnace@redhat.com>`
			`Date: Mon, 16 Apr 2018 15:39:03 +0200`
			`Subject: [PATCH] kcapi-hasher: Fix buffer overrun in get_hmac_file`

			`We need to allocate space also for the terminating null character...`
			`---`
			`apps/kcapi-hasher.c \| 2 +-`
			`1 file changed, 1 insertion(+), 1 deletion(-)`

			`diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c`
			`index 861db79..2b87a45 100644`
			`--- a/apps/kcapi-hasher.c`
			`+++ b/apps/kcapi-hasher.c`
			`@@ -360,7 +360,7 @@ static char get_hmac_file(const char filename)`
			`fprintf(stderr, "File too long\n");`
			`return NULL;`
			`}`
			`- checkfile = malloc(filelen + prefixlen + 1 + suffixlen);`
			`+ checkfile = malloc(filelen + prefixlen + 1 + suffixlen + 1);`
			`if (!checkfile)`
			`return NULL;`