On Thu, Mar 12, 2020 at 05:47:57PM -0400, Jes Sorensen wrote:
> From: Jes Sorensen <jsorensen@xxxxxx>
>
> Return -EINVAL on any invalid input argument, as well
> as if any of the reserved fields are set in
> struct libfsverity_signature_digest
>
> Signed-off-by: Jes Sorensen <jsorensen@xxxxxx>
> ---
> libverity.c | 34 ++++++++++++++++++++++++++--------
> 1 file changed, 26 insertions(+), 8 deletions(-)
>
> diff --git a/libverity.c b/libverity.c
> index 1cef544..e16306d 100644
> --- a/libverity.c
> +++ b/libverity.c
> @@ -494,18 +494,36 @@ libfsverity_sign_digest(const struct libfsverity_digest *digest,
> X509 *cert = NULL;
> const EVP_MD *md;
> size_t data_size;
> - uint16_t alg_nr;
> - int retval = -EAGAIN;
> + uint16_t alg_nr, digest_size;
> + int i, retval = -EAGAIN;
> + const char magic[8] = "FSVerity";
> +
> + if (!digest || !sig_params || !sig_ret || !sig_size_ret)
> + return -EINVAL;
> +
> + if (strncmp(digest->magic, magic, sizeof(magic)))
> + return -EINVAL;
> +
> + if (!sig_params->keyfile || !sig_params->certfile)
> + return -EINVAL;
> +
> + for (i = 0; i < sizeof(sig_params->reserved) /
> + sizeof(sig_params->reserved[0]); i++) {
> + if (sig_params->reserved[i])
> + return -EINVAL;
> + }
This can use ARRAY_SIZE().
- Eric
|