Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 29 Jun 2022 08:51:05 GMT
From:      Wojciech Macek <wma@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: e6ef5042e485 - main - libsecureboot: Do not propagate empty string
Message-ID:  <202206290851.25T8p5WE055673@gitrepo.freebsd.org>

next in thread | raw e-mail | index | archive | help
The branch main has been updated by wma:

URL: https://cgit.FreeBSD.org/src/commit/?id=e6ef5042e485f74e7233a9974010b16a7316167e

commit e6ef5042e485f74e7233a9974010b16a7316167e
Author:     Wojciech Macek <wma@FreeBSD.org>
AuthorDate: 2022-06-29 08:50:23 +0000
Commit:     Wojciech Macek <wma@FreeBSD.org>
CommitDate: 2022-06-29 08:50:23 +0000

    libsecureboot: Do not propagate empty string
    
    If Trust Anchors are provided by UEFI and not compiled into
    libsecureboot the segmentation fault occurs due to empty
    or NULL string usage.
    
    Obtained from:          Semihalf
    Reviewed by:            sjg
    Differential revision:  https://reviews.freebsd.org/D35120
---
 lib/libsecureboot/vets.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/lib/libsecureboot/vets.c b/lib/libsecureboot/vets.c
index a3c1fb34a419..b06ab346f716 100644
--- a/lib/libsecureboot/vets.c
+++ b/lib/libsecureboot/vets.c
@@ -420,8 +420,9 @@ ve_trust_init(void)
 #endif
 
 #ifdef TRUST_ANCHOR_STR
-	ve_trust_anchors_add_buf(__DECONST(unsigned char *, TRUST_ANCHOR_STR),
-	    sizeof(TRUST_ANCHOR_STR));
+	if (TRUST_ANCHOR_STR != NULL && strlen(TRUST_ANCHOR_STR) != 0ul)
+		ve_trust_anchors_add_buf(__DECONST(unsigned char *,
+		    TRUST_ANCHOR_STR), sizeof(TRUST_ANCHOR_STR));
 #endif
 	once = (int) VEC_LEN(trust_anchors);
 #ifdef VE_OPENPGP_SUPPORT



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202206290851.25T8p5WE055673>