diff options
author | Dmitry Kasatkin <d.kasatkin@samsung.com> | 2014-11-26 15:55:00 +0100 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2015-05-21 19:59:28 +0200 |
commit | 9d03a721a3a4a5120de790a0e67dc324c2ed9184 (patch) | |
tree | 0ad52d2f7800e0c5f78c121ec5d5b24e33f7c954 /security | |
parent | KEYS: fix "ca_keys=" partial key matching (diff) | |
download | linux-9d03a721a3a4a5120de790a0e67dc324c2ed9184.tar.xz linux-9d03a721a3a4a5120de790a0e67dc324c2ed9184.zip |
integrity: add validity checks for 'path' parameter
This patch adds validity checks for 'path' parameter and
makes it const.
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/digsig.c | 2 | ||||
-rw-r--r-- | security/integrity/iint.c | 3 | ||||
-rw-r--r-- | security/integrity/integrity.h | 2 |
3 files changed, 5 insertions, 2 deletions
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c index 5e3bd72b299a..36fb6b527829 100644 --- a/security/integrity/digsig.c +++ b/security/integrity/digsig.c @@ -85,7 +85,7 @@ int __init integrity_init_keyring(const unsigned int id) return err; } -int __init integrity_load_x509(const unsigned int id, char *path) +int __init integrity_load_x509(const unsigned int id, const char *path) { key_ref_t key; char *data; diff --git a/security/integrity/iint.c b/security/integrity/iint.c index dbb6d141c3db..3d2f5b45c8cb 100644 --- a/security/integrity/iint.c +++ b/security/integrity/iint.c @@ -213,6 +213,9 @@ int __init integrity_read_file(const char *path, char **data) char *buf; int rc = -EINVAL; + if (!path || !*path) + return -EINVAL; + file = filp_open(path, O_RDONLY, 0); if (IS_ERR(file)) { rc = PTR_ERR(file); diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h index 0fc9519fefa9..9c6168709d3b 100644 --- a/security/integrity/integrity.h +++ b/security/integrity/integrity.h @@ -135,7 +135,7 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, const char *digest, int digestlen); int __init integrity_init_keyring(const unsigned int id); -int __init integrity_load_x509(const unsigned int id, char *path); +int __init integrity_load_x509(const unsigned int id, const char *path); #else static inline int integrity_digsig_verify(const unsigned int id, |