On 11/1/22 16:18, Mimi Zohar wrote:
Before calling d2i_x509_fp(), make sure the keyfile is a regular file.
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
---
src/libimaevm.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/libimaevm.c b/src/libimaevm.c
index 8070ffd61a2c..e6fbec5bc17b 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -250,6 +250,7 @@ EVP_PKEY *read_pub_pkey(const char *keyfile, int x509)
{
FILE *fp;
EVP_PKEY *pkey = NULL;
+ struct stat st;
if (!keyfile)
return NULL;
@@ -262,6 +263,16 @@ EVP_PKEY *read_pub_pkey(const char *keyfile, int x509)
}
if (x509) {
+ if (fstat(fileno(fp), &st) == -1)
+ goto out;
+
If this was to ever happen evmctl may just terminate without an error message.
+ if ((st.st_mode & S_IFMT) != S_IFREG) {
This function can also read plain public keys in the else branch. Should this test cover both cases?
+ if (imaevm_params.verbose > LOG_INFO)
+ log_err("Keyfile is not regular file: %s\n",
+ keyfile);
+ goto out;
+ }
+
X509 *crt = d2i_X509_fp(fp, NULL);
if (!crt) {
