rpms/libkcapi
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix off-by-one error in checkfile parsing

Browse Source 
Add patch from upstream that fixes a bug that caused FIPS self-check of
hmaccalc binaries on Fedora.
This commit is contained in:
Ondrej Mosnacek 2018-07-11 14:52:19 +02:00
parent a8b3dd6715
commit 8d36778e3a
2 changed files with 34 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
libkcapi-1.1.1-kcapi-hasher_Fix_off-by-one_error.patch Normal file
View File

@ -0,0 +1,29 @@
From 94c8277dd8fbd2193cb3804c304e965c9238951d Mon Sep 17 00:00:00 2001
From: Ondrej Mosnacek <omosnace@redhat.com>
Date: Wed, 11 Jul 2018 14:41:14 +0200
Subject: [PATCH] kcapi-hasher: Fix off-by-one error
There was an off-by-one error in process_checkfile() that caused the
hasher to misparse checkfiles that contain only the hash (for
self-check).
---
apps/kcapi-hasher.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
index ae88211..00f0373 100644
--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
@@ -514,8 +514,11 @@ static int process_checkfile(const struct hash_params *params,
uint32_t i;
uint32_t bsd_style = 0; // >0 if --tag formatted style
+ if (linelen == 0)
+ break;
+
/* remove trailing CR and reduce buffer length */
- for (i = linelen; i > 0; i--) {
+ for (i = linelen - 1; i > 0; i--) {
if (!isprint(buf[i])) {
buf[i] = '\0';
linelen--;

6
libkcapi.spec
View File

@ -91,7 +91,7 @@ bin/kcapi-hasher -n fipshmac "$lib_path"/libkcapi.so.%{version} \\\
Name: libkcapi Name: libkcapi
Version: %{vmajor}.%{vminor}.%{vpatch} Version: %{vmajor}.%{vminor}.%{vpatch}
Release: 2%{?dist} Release: 3%{?dist}
Summary: User space interface to the Linux Kernel Crypto API Summary: User space interface to the Linux Kernel Crypto API
License: BSD or GPLv2 License: BSD or GPLv2
@ -100,6 +100,7 @@ Source0: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz
Source1: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc Source1: http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc
Patch0: %{giturl}/pull/60.patch#/%{name}-1.1.1-kcapi-hasher_Fix_command-line_parsing.patch Patch0: %{giturl}/pull/60.patch#/%{name}-1.1.1-kcapi-hasher_Fix_command-line_parsing.patch
Patch1: %{giturl}/pull/61.patch#/%{name}-1.1.1-kcapi-hasher_Fix_off-by-one_error.patch
BuildRequires: clang BuildRequires: clang
BuildRequires: coreutils BuildRequires: coreutils
@ -418,6 +419,9 @@ popd
%changelog %changelog
* Wed Jul 11 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-3
- Fix off-by-one error in checkfile parsing
* Wed Jul 11 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-2 * Wed Jul 11 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-2
- Fix command-line parsing in libkcapi-hmaccalc - Fix command-line parsing in libkcapi-hmaccalc