955e81c3c4
This patch also fixes the computation of self-check .hmac files. Before, fipshmac was used for all binaries but since the hmaccalc tools use different parameters (SHA-512 instead of SHA-256 and a different key, this would lead to self-check failures for hmaccalc. The new post-install script calculates the hmaccalc files using sha512hmac and other .hmac files using fipshmac. The parameters for the self-check of the library were also consolidated upstream to use a single parameter set across tools (the fipscheck parameters) so that the library is checked correctly by all tools. I also dropped the kcapi-hasher binary and the hasher subpackage as it is really useless on its own (and the other hasher tools are always created as hard links). It would also be impossible to add a universally correct .hmac file since different tools would check against it with different parameters.
24 lines
793 B
Diff
24 lines
793 B
Diff
From f8e032f150522c17094e36dcf62ec3ebc77e69d8 Mon Sep 17 00:00:00 2001
|
|
From: Ondrej Mosnacek <omosnace@redhat.com>
|
|
Date: Mon, 16 Apr 2018 15:39:03 +0200
|
|
Subject: [PATCH] kcapi-hasher: Fix buffer overrun in get_hmac_file
|
|
|
|
We need to allocate space also for the terminating null character...
|
|
---
|
|
apps/kcapi-hasher.c | 2 +-
|
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
|
diff --git a/apps/kcapi-hasher.c b/apps/kcapi-hasher.c
|
|
index 861db79..2b87a45 100644
|
|
--- a/apps/kcapi-hasher.c
|
|
+++ b/apps/kcapi-hasher.c
|
|
@@ -360,7 +360,7 @@ static char *get_hmac_file(const char *filename)
|
|
fprintf(stderr, "File too long\n");
|
|
return NULL;
|
|
}
|
|
- checkfile = malloc(filelen + prefixlen + 1 + suffixlen);
|
|
+ checkfile = malloc(filelen + prefixlen + 1 + suffixlen + 1);
|
|
if (!checkfile)
|
|
return NULL;
|
|
|