Fix off-by-one error in checkfile parsing

Add patch from upstream that fixes a bug that caused FIPS self-check of hmaccalc binaries on Fedora.
2018-07-11 14:52:19 +02:00 · 2018-07-11 14:52:19 +02:00 · 8d36778e3a
commit 8d36778e3a
parent a8b3dd6715
2 changed files with 34 additions and 1 deletions
--- a/libkcapi-1.1.1-kcapi-hasher_Fix_off-by-one_error.patch
+++ b/libkcapi-1.1.1-kcapi-hasher_Fix_off-by-one_error.patch
@ -0,0 +1,29 @@
+From 94c8277dd8fbd2193cb3804c304e965c9238951d Mon Sep 17 00:00:00 2001
+From: Ondrej Mosnacek <omosnace@redhat.com>
+Date: Wed, 11 Jul 2018 14:41:14 +0200
+Subject: [PATCH] kcapi-hasher: Fix off-by-one error
+
+There was an off-by-one error in process_checkfile() that caused the
+hasher to misparse checkfiles that contain only the hash (for
+self-check).
+---
+ apps/kcapi-hasher.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
+index ae88211..00f0373 100644
+--- a/apps/kcapi-hasher.c
+++ b/apps/kcapi-hasher.c
+@@ -514,8 +514,11 @@ static int process_checkfile(const struct hash_params *params,
+ 		uint32_t i;
+ 		uint32_t bsd_style = 0; // >0 if --tag formatted style
+ 
+		if (linelen == 0)
+			break;
+
+ 		/* remove trailing CR and reduce buffer length */
+-		for (i = linelen; i > 0; i--) {
+		for (i = linelen - 1; i > 0; i--) {
+ 			if (!isprint(buf[i])) {
+ 				buf[i] = '\0';
+ 				linelen--;
--- a/libkcapi.spec
+++ b/libkcapi.spec
@ -91,7 +91,7 @@ bin/kcapi-hasher -n fipshmac "$lib_path"/libkcapi.so.%{version}  \\\

 Name:           libkcapi
 Version:        %{vmajor}.%{vminor}.%{vpatch}
-Release:        2%{?dist}
+Release:        3%{?dist}
 Summary:        User space interface to the Linux Kernel Crypto API

 License:        BSD or GPLv2
@ -100,6 +100,7 @@ Source0:        http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz
 Source1:        http://www.chronox.de/%{name}/%{name}-%{version}.tar.xz.asc

 Patch0:         %{giturl}/pull/60.patch#/%{name}-1.1.1-kcapi-hasher_Fix_command-line_parsing.patch
+Patch1:         %{giturl}/pull/61.patch#/%{name}-1.1.1-kcapi-hasher_Fix_off-by-one_error.patch

 BuildRequires:  clang
 BuildRequires:  coreutils
@ -418,6 +419,9 @@ popd


 %changelog
+* Wed Jul 11 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-3
+- Fix off-by-one error in checkfile parsing
+
 * Wed Jul 11 2018 Ondrej Mosnáček <omosnace@redhat.com> - 1.1.1-2
 - Fix command-line parsing in libkcapi-hmaccalc