diff options
| author | Wojciech Macek <wma@FreeBSD.org> | 2022-06-29 08:50:23 +0000 |
|---|---|---|
| committer | Wojciech Macek <wma@FreeBSD.org> | 2022-06-29 08:50:23 +0000 |
| commit | e6ef5042e485f74e7233a9974010b16a7316167e (patch) | |
| tree | 3be1f4ee7662f455069389199ca58c37bbd57f46 | |
| parent | 15c362aeb7784385cb464fa364cbdd7a1e64e787 (diff) | |
| download | src-e6ef5042e485f74e7233a9974010b16a7316167e.tar.gz src-e6ef5042e485f74e7233a9974010b16a7316167e.zip | |
libsecureboot: Do not propagate empty string
If Trust Anchors are provided by UEFI and not compiled into
libsecureboot the segmentation fault occurs due to empty
or NULL string usage.
Obtained from: Semihalf
Reviewed by: sjg
Differential revision: https://reviews.freebsd.org/D35120
| -rw-r--r-- | lib/libsecureboot/vets.c | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/libsecureboot/vets.c b/lib/libsecureboot/vets.c index a3c1fb34a419..b06ab346f716 100644 --- a/lib/libsecureboot/vets.c +++ b/lib/libsecureboot/vets.c @@ -420,8 +420,9 @@ ve_trust_init(void) #endif #ifdef TRUST_ANCHOR_STR - ve_trust_anchors_add_buf(__DECONST(unsigned char *, TRUST_ANCHOR_STR), - sizeof(TRUST_ANCHOR_STR)); + if (TRUST_ANCHOR_STR != NULL && strlen(TRUST_ANCHOR_STR) != 0ul) + ve_trust_anchors_add_buf(__DECONST(unsigned char *, + TRUST_ANCHOR_STR), sizeof(TRUST_ANCHOR_STR)); #endif once = (int) VEC_LEN(trust_anchors); #ifdef VE_OPENPGP_SUPPORT |