verify_pcr_export: bump kenv_mvallen if needed

The loader.ve.hashed list can easily exceed KENV_MVALLEN.
If so, bump kenv_mvallen to a multiple of KENV_MVALLEN to
accommodate the value.

Reviewed by:	stevek
MFC after:	1 week
Simon J. Gerraty 2020-06-12 21:55:30 +00:00
parent 8cc8c5864a
commit 3e6e3de0aa
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/head/; revision=362127


@ -31,6 +31,7 @@ __FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <string.h>
#include <sys/queue.h>
#include <sys/kenv.h>
#include "libsecureboot.h"
#include <verify_file.h>
@ -532,6 +533,19 @@ verify_pcr_export(void)
DEBUG_PRINTF(1,
("%s: setenv(loader.ve.hashed, %s\n",
__func__, hinfo));
if ((hlen = strlen(hinfo)) > KENV_MVALLEN) {
/*
* bump kenv_mvallen
* roundup to multiple of KENV_MVALLEN
*/
char mvallen[16];
hlen += KENV_MVALLEN -
(hlen % KENV_MVALLEN);
if (snprintf(mvallen, sizeof(mvallen),
"%d", (int) hlen) < sizeof(mvallen))
setenv("kenv_mvallen", mvallen, 1);
}
free(hinfo);
}
}
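Review bot: Both failure paths of the new block are silent: if `snprintf()` truncates or errors, or if `setenv("kenv_mvallen", mvallen, 1)` fails, nothing is logged and the limit stays at its default, which the commit message says is too small for loader.ve.hashed. Because that variable carries the list of verified hashes, a dropped or shortened value deserves a trace; consider checking the `setenv()` return and adding `else DEBUG_PRINTF(1, ("%s: kenv_mvallen not set\n", __func__));`. The `snprintf(...) < sizeof(mvallen)` test compares an int with a size_t and rejects a negative return only through unsigned conversion; storing the result in an `int n` and testing `n > 0 && (size_t)n < sizeof(mvallen)` makes that explicit. The rounded-up `hlen` has no upper bound before the `(int)` cast, so a cap may be appropriate if whatever consumes kenv_mvallen sizes buffers from it; that code is not visible here. verify_pcr_export() begins above this hunk.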