Re: [PATCH v3 2/2] ima-evm-utils: log unknown keyid's as errors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Mimi,

On Thu, Jul 18, 2019 at 10:29:54AM -0400, Mimi Zohar wrote:
> Each time a new unknown key is encountered, emit a message of the format
> "key #: <keyid> unknown".  The individual files using unknown keys are
> then only logged in verbose mode.
> 
> Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
> ---
>  src/libimaevm.c | 21 +++++++++++++++++----
>  1 file changed, 17 insertions(+), 4 deletions(-)
> 
> diff --git a/src/libimaevm.c b/src/libimaevm.c
> index 43eb4ef2412c..d2194a6ca0f8 100644
> --- a/src/libimaevm.c
> +++ b/src/libimaevm.c
> @@ -402,13 +402,26 @@ static struct public_key_entry *public_keys = NULL;
>  
>  static EVP_PKEY *find_keyid(uint32_t keyid)
>  {
> -	struct public_key_entry *entry;
> +	struct public_key_entry *entry, *tail = public_keys;

If the user specified in `-k` a filename that does not exist, no key is added
to public_keys and it remains NULL.

> +	int i = 1;
>  
>  	for (entry = public_keys; entry != NULL; entry = entry->next) {
>  		if (entry->keyid == keyid)
>  			return entry->key;
> +		i++;
> +		tail = entry;
>  	}
> -	return NULL;
> +
> +	/* add unknown keys to list */
> +	entry = calloc(1, sizeof(struct public_key_entry));
> +	if (!entry) {
> +		perror("calloc");
> +		return 0;
> +	}
> +	entry->keyid = keyid;
> +	tail->next = entry;

In that case there is a SIGSEGV here when the user tries ima_verify.

> +	log_err("key %d: %x unknown\n", i,  __be32_to_cpup(&keyid));
> +	return 0;
>  }
>  
>  void init_public_keys(const char *keyfiles)
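Review bot: `tail->next = entry;` dereferences NULL when the key list is empty, because `tail` is initialised to `public_keys` and only advanced inside the loop body, so with no keys loaded the loop never runs and `tail` stays NULL. Handle the empty list explicitly, e.g. `if (!tail) public_keys = entry; else tail->next = entry;`. Minor: the function returns `EVP_PKEY *`, so the two new exits should be `return NULL;` rather than `return 0;`, and a note in the comment that the calloc'd placeholder has `key == NULL` would make it clear that a repeated lookup of the same keyid is meant to return NULL silently after the first "key %d: %x unknown" message.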
> @@ -470,8 +483,8 @@ static int verify_hash_v2(const char *file, const unsigned char *hash, int size,
>  
>  	pkey = find_keyid(keyid);
>  	if (!pkey) {
> -		log_err("%s: unknown keyid: %x\n",
> -			file, __be32_to_cpup(&keyid));
> +		log_info("%s: unknown keyid: %x\n",
> +			 file, __be32_to_cpup(&keyid));
>  		return -1;
>  	}
>  
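Review bot: with this change a NULL from find_keyid is reported as "unknown keyid" at info level even when find_keyid returned 0 because calloc failed, so an allocation failure is visible only as the perror output plus, in verbose mode, a misleading "unknown keyid" line for the file. If the two cases should remain distinguishable, let find_keyid signal the allocation failure separately (for example via a distinct return code or an out-parameter) so this path does not mislabel it; the demotion from log_err to log_info is otherwise consistent with the one-time "key %d: %x unknown" message now emitted in find_keyid, and the unchanged `return -1;` keeps the verification failing.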
