On Sun, 2022-06-19 at 20:34 -0400, Stefan Berger wrote:
> > > > - /* support reading hash (eg. output of shasum) */ > > while ((len = getline(&line, &line_len, stdin)) > 0) { > > /* remove end of line */ > > if (line[len - 1] == '\n') > > line[--len] = '\0'; > > > > - /* find the end of the hash */ > > - token = strpbrk(line, ", \t"); > > - hashlen = token ? token - line : strlen(line); > > + /* > > + * Before either directly or indirectly signing the hash, > > + * convert the hex-ascii hash representation to binary. > > + */ > > + if (veritysig) { > > + > > + /* split the algorithm from the hash */ > > + hashp = strpbrk(line, ":"); > > + if (hashp) /* pointer to the delimiter */ > > + algolen = hashp - line; > > + > > + if (!hashp || algolen <= 0 || > > + algolen >= sizeof(algo)) { > > + log_err("Missing/invalid fsverity hash algorithm\n"); > > + continue; > > + } > > + > > + strncpy(algo, line, algolen); > > + algo[algolen] = '\0'; /* Nul terminate algorithm */ > > + > > + hashp++; > > + token = strpbrk(line, ", \t"); > > I haven't run this so I don't know the output but maybe the code should > show what the expected line looks like. That strpbrk is looking for any > one of ',', ' ', and '\t' is ok? And the start of the search should be > line and cannot be hashp ? > token == NULL check? > > +/* > > + * Calculate the signature format version 3 hash based on the portion > > + * of the ima_file_id structure used, not the entire structure. > > + * > > + * For openssl errors return 1, other errors return -EINVAL. > > Returns the length of the hash otherwise. > > > With the two nits fixed: > > Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>

Thanks, Stefan. I've addressed both of the issues. This patch set and other ci/travis changes are in next-testing.

Mimi
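
Review bot: in the veritysig branch, token = strpbrk(line, ", \t") restarts the search at line after hashp++ has already moved past the ':' delimiter, so a comma, space or tab inside the algorithm prefix leaves token pointing before hashp. Starting the search at hashp and handling token == NULL (a line with no trailing delimiter) would keep any length later computed relative to hashp well defined. The removed "support reading hash" comment also has no replacement, so a short comment giving the expected input form (algorithm, ':', hex hash, optional delimiter and rest of line) would help; the blank line directly after the opening brace of if (veritysig) can go.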
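
Review bot: the return-value comment on the version 3 hash function lists only the failure cases, and it uses a positive 1 for openssl errors next to -EINVAL for everything else. If success returns the hash length, as the reply suggests documenting, a caller cannot tell failure from success with a simple sign test and has to special-case 1. State the success value in the comment and consider returning a negative code for openssl errors as well, so every failure is negative.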