[PATCH 3/3] ima-evm-utils: fix overflow on printing boot_aggregate

There was no room for placing the '\0' at the end of boot_aggregate value,
thus printf() was reading 1 byte beyond the array limit.

Signed-off-by: Bruno Meneguele <bmeneg@xxxxxxxxxx>
---
 src/evmctl.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/evmctl.c b/src/evmctl.c
index 2f5bd52..2bd37c2 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -2252,7 +2252,8 @@ static int cmd_ima_bootaggr(struct command *cmd)
 		bootaggr_len += strlen(tpm_banks[i].algo_name) + 1;
 		bootaggr_len += (tpm_banks[i].digest_size * 2) + 1;
 	}
-	bootaggr = malloc(bootaggr_len);
+	/* Make room for the leading \0 */
+	bootaggr = malloc(bootaggr_len + 1);
 
 	/*
 	 * Calculate and convert the per TPM 2.0 PCR bank algorithm
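Review bot: The new comment above the malloc() call says "leading \0", but the byte being reserved is the trailing terminator at the end of the string; please reword it, for example "Make room for the trailing \0". Also, the result of malloc(bootaggr_len + 1) is not checked in the lines shown here, so unless a NULL check follows in the context not visible in this hunk, a failed allocation would be passed straight on to append_bootaggr().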
@@ -2266,6 +2267,7 @@ static int cmd_ima_bootaggr(struct command *cmd)
 		calc_bootaggr(&tpm_banks[i]);
 		offset += append_bootaggr(bootaggr + offset, tpm_banks + i);
 	}
+	bootaggr[bootaggr_len] = '\0';
 	printf("%s", bootaggr);
 	free(bootaggr);
 	return 0;
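Review bot: The terminator is written at bootaggr[bootaggr_len], the end of the allocation, rather than at bootaggr[offset], where the appended data actually ends. If the loop ever appends fewer than bootaggr_len bytes, the bytes between offset and bootaggr_len are uninitialized malloc() memory and printf("%s", bootaggr) would print them. Consider "bootaggr[offset] = '\0';" instead, or allocate with calloc() so the whole buffer is zeroed; either way the allocation of bootaggr_len + 1 from the first hunk is still required.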
-- 
2.26.2



