git: 9c95cd930378 - stable/13 - libsecureboot: Do not propagate empty string
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Fri, 14 Apr 2023 07:26:28 UTC
The branch stable/13 has been updated by gbe:
URL: https://cgit.FreeBSD.org/src/commit/?id=9c95cd930378cf5014b0abdafd3cc6645bfabbc8
commit 9c95cd930378cf5014b0abdafd3cc6645bfabbc8
Author: Wojciech Macek <wma@FreeBSD.org>
AuthorDate: 2022-06-29 08:50:23 +0000
Commit: Gordon Bergling <gbe@FreeBSD.org>
CommitDate: 2023-04-14 07:25:05 +0000
libsecureboot: Do not propagate empty string
If Trust Anchors are provided by UEFI and not compiled into
libsecureboot the segmentation fault occurs due to empty
or NULL string usage.
Obtained from: Semihalf
Reviewed by: sjg
Differential revision: https://reviews.freebsd.org/D35120
(cherry picked from commit e6ef5042e485f74e7233a9974010b16a7316167e)
---
lib/libsecureboot/vets.c | 5 +++--
1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/libsecureboot/vets.c b/lib/libsecureboot/vets.c
index dd347a0a8c13..af423b1cd7c0 100644
--- a/lib/libsecureboot/vets.c
+++ b/lib/libsecureboot/vets.c
@@ -420,8 +420,9 @@ ve_trust_init(void)
#endif
#ifdef TRUST_ANCHOR_STR
- ve_trust_anchors_add_buf(__DECONST(unsigned char *, TRUST_ANCHOR_STR),
- sizeof(TRUST_ANCHOR_STR));
+ if (TRUST_ANCHOR_STR != NULL && strlen(TRUST_ANCHOR_STR) != 0ul)
+ ve_trust_anchors_add_buf(__DECONST(unsigned char *,
+ TRUST_ANCHOR_STR), sizeof(TRUST_ANCHOR_STR));
#endif
once = (int) VEC_LEN(trust_anchors);
#ifdef VE_OPENPGP_SUPPORT