summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorDmitry Kasatkin <d.kasatkin@samsung.com>2014-11-26 15:55:00 +0100
committerMimi Zohar <zohar@linux.vnet.ibm.com>2015-05-21 19:59:28 +0200
commit9d03a721a3a4a5120de790a0e67dc324c2ed9184 (patch)
tree0ad52d2f7800e0c5f78c121ec5d5b24e33f7c954 /security
parentKEYS: fix "ca_keys=" partial key matching (diff)
downloadlinux-9d03a721a3a4a5120de790a0e67dc324c2ed9184.tar.xz
linux-9d03a721a3a4a5120de790a0e67dc324c2ed9184.zip
integrity: add validity checks for 'path' parameter
This patch adds validity checks for 'path' parameter and makes it const. Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security')
-rw-r--r--security/integrity/digsig.c2
-rw-r--r--security/integrity/iint.c3
-rw-r--r--security/integrity/integrity.h2
3 files changed, 5 insertions, 2 deletions
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index 5e3bd72b299a..36fb6b527829 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -85,7 +85,7 @@ int __init integrity_init_keyring(const unsigned int id)
return err;
}
-int __init integrity_load_x509(const unsigned int id, char *path)
+int __init integrity_load_x509(const unsigned int id, const char *path)
{
key_ref_t key;
char *data;
diff --git a/security/integrity/iint.c b/security/integrity/iint.c
index dbb6d141c3db..3d2f5b45c8cb 100644
--- a/security/integrity/iint.c
+++ b/security/integrity/iint.c
@@ -213,6 +213,9 @@ int __init integrity_read_file(const char *path, char **data)
char *buf;
int rc = -EINVAL;
+ if (!path || !*path)
+ return -EINVAL;
+
file = filp_open(path, O_RDONLY, 0);
if (IS_ERR(file)) {
rc = PTR_ERR(file);
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 0fc9519fefa9..9c6168709d3b 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -135,7 +135,7 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
const char *digest, int digestlen);
int __init integrity_init_keyring(const unsigned int id);
-int __init integrity_load_x509(const unsigned int id, char *path);
+int __init integrity_load_x509(const unsigned int id, const char *path);
#else
static inline int integrity_digsig_verify(const unsigned int id,