Mimi,

On Tue, Jul 23, 2019 at 08:19:46PM -0400, Mimi Zohar wrote:
> On Wed, 2019-07-24 at 02:13 +0300, Vitaly Chikunov wrote:
> > > > > + tail->next = entry;
> > > >
> > > > In that case here is a SIGSEGV when the user tries to ima_verify.
> > >
> > > find_keyid() returns NULL, which is checked before being used.
> > > There's only one caller of this function.
> >
> > find_keyid does not return since tail is NULL, thus there is a null
> > dereference in `tail->next`.
> >
> > > Do you have a test case to reproduce this bug?
> >
> > ima-evm-utils/tests ((31b5f50...))$ rm sha1.txt
> > ima-evm-utils/tests ((31b5f50...))$ touch sha1.txt
> > ima-evm-utils/tests ((31b5f50...))$ evmctl ima_sign -k test-rsa1024.key -a sha1 --xattr-user sha1.txt
> > ima-evm-utils/tests ((31b5f50...))$ evmctl ima_verify -k /absent --xattr-user sha1.txt
> > Failed to open keyfile: /absent
> > Segmentation fault
> >
> > 31b5f50 is head of your git next branch.
> >
> > I temporarily fixed it like this:
> >
> > - tail->next = entry;
> > + if (tail)
> > + tail->next = entry;
> > + else
> > + public_keys = entry;
>
> I see. If you don't object, I'll fold this into the original patch.

Of course.

Thanks,
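
Review bot: the `else` branch (`public_keys = entry;`) is only correct if `tail` is NULL exactly when `public_keys` is still empty, and the appended `entry` needs its `next` set to NULL before it becomes the list head or tail. Neither is visible in the quoted lines, so both should be confirmed in the surrounding function before this is folded into the original patch. The `evmctl ima_verify -k /absent --xattr-user sha1.txt` reproduction quoted in this thread would serve as a regression test for the empty-list case.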