git: e6ef5042e485 - main - libsecureboot: Do not propagate empty string
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 29 Jun 2022 08:51:05 UTC
The branch main has been updated by wma: URL: https://cgit.FreeBSD.org/src/commit/?id=e6ef5042e485f74e7233a9974010b16a7316167e commit e6ef5042e485f74e7233a9974010b16a7316167e Author: Wojciech Macek <wma@FreeBSD.org> AuthorDate: 2022-06-29 08:50:23 +0000 Commit: Wojciech Macek <wma@FreeBSD.org> CommitDate: 2022-06-29 08:50:23 +0000 libsecureboot: Do not propagate empty string If Trust Anchors are provided by UEFI and not compiled into libsecureboot the segmentation fault occurs due to empty or NULL string usage. Obtained from: Semihalf Reviewed by: sjg Differential revision: https://reviews.freebsd.org/D35120 --- lib/libsecureboot/vets.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/lib/libsecureboot/vets.c b/lib/libsecureboot/vets.c index a3c1fb34a419..b06ab346f716 100644 --- a/lib/libsecureboot/vets.c +++ b/lib/libsecureboot/vets.c @@ -420,8 +420,9 @@ ve_trust_init(void) #endif #ifdef TRUST_ANCHOR_STR - ve_trust_anchors_add_buf(__DECONST(unsigned char *, TRUST_ANCHOR_STR), - sizeof(TRUST_ANCHOR_STR)); + if (TRUST_ANCHOR_STR != NULL && strlen(TRUST_ANCHOR_STR) != 0ul) + ve_trust_anchors_add_buf(__DECONST(unsigned char *, + TRUST_ANCHOR_STR), sizeof(TRUST_ANCHOR_STR)); #endif once = (int) VEC_LEN(trust_anchors); #ifdef VE_OPENPGP_SUPPORT