
List:       linux-keyrings
Subject:    [PATCH] KEYS: check the certfile for ASN1 encoding before inserting
From:       Clay Chang <clayc () hpe ! com>
Date:       2020-01-29 9:36:12
Message-ID: 20200129093612.16889-1-clayc () hpe ! com

The certfile to be inserted into the kernel must be in ASN1 encoding.
This patch implements a guard against an invalid certfile.

Signed-off-by: Clay Chang <clayc@hpe.com>
---
 scripts/insert-sys-cert.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/scripts/insert-sys-cert.c b/scripts/insert-sys-cert.c
index 8902836c2342..2d9139887ba0 100644
--- a/scripts/insert-sys-cert.c
+++ b/scripts/insert-sys-cert.c
@@ -311,6 +311,11 @@ int main(int argc, char **argv)
 	if (!cert)
 		exit(EXIT_FAILURE);
 
+	if (cert[0] != 0x30 && cert[1] != 0x82) {
+		err("Invalid certfile.\n");
+		exit(EXIT_FAILURE);
+	}
+
 	hdr = map_file(vmlinux_file, &vmlinux_size);
 	if (!hdr)
 		exit(EXIT_FAILURE);
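
Review bot: the new condition in main(), `cert[0] != 0x30 && cert[1] != 0x82`, only rejects the file when both bytes are wrong, so a file whose first byte is 0x30 with any second byte, or whose second byte is 0x82 with any first byte, still passes the guard. The test should be `cert[0] != 0x30 || cert[1] != 0x82`. The visible lines also show no check that the mapped file holds at least two bytes before cert[1] is read; if the size returned for the certfile is available at this point, compare it first. Note as well that 0x30 0x82 matches only a DER SEQUENCE whose length is encoded in two bytes (256 to 65535 bytes of content), which is narrower than the "ASN1 encoding" wording in the commit message and the generic "Invalid certfile." error; a short comment above the check saying which header is expected, and an error message that names the expected form, would make a rejection easier to diagnose.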
-- 
2.16.6
