On 11/3/22 14:39, Mimi Zohar wrote:
Before attempting to use the key file, make sure it is a regular file.
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
---
src/libimaevm.c | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/src/libimaevm.c b/src/libimaevm.c
index 8070ffd61a2c..c09ed98fe508 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -250,6 +250,7 @@ EVP_PKEY *read_pub_pkey(const char *keyfile, int x509)
{
FILE *fp;
EVP_PKEY *pkey = NULL;
+ struct stat st;
if (!keyfile)
return NULL;
@@ -261,6 +262,17 @@ EVP_PKEY *read_pub_pkey(const char *keyfile, int x509)
return NULL;
}
+ if (fstat(fileno(fp), &st) == -1) {
+ log_err("Failed to fstat key file: %s\n", keyfile);
no errno reset needed here I guess...
+ goto out;
+ }
+
+ if ((st.st_mode & S_IFMT) != S_IFREG) {
+ if (imaevm_params.verbose > LOG_INFO)
+ log_err("Key file is not regular file: %s\n", keyfile);
+ goto out;
+ }
+
if (x509) {
X509 *crt = d2i_X509_fp(fp, NULL);
Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
