verify_pcr_export: bump kenv_mvallen if needed
The loader.ve.hashed list can easily exceed KENV_MVALLEN.
If so, bump kenv_mvallen to a multiple of KENV_MVALLEN to
accommodate the value.

Reviewed by:	stevek
MFC after:	1 week
sgerraty committed Jun 12, 2020
1 parent 8cc8c58 commit 3e6e3de
Showing 1 changed file with 14 additions and 0 deletions.
14 changes: 14 additions & 0 deletions lib/libsecureboot/verify_file.c
Expand Up @@ -31,6 +31,7 @@ __FBSDID("$FreeBSD$");
#include <sys/param.h>
#include <string.h>
#include <sys/queue.h>
#include <sys/kenv.h>

#include "libsecureboot.h"
#include <verify_file.h>
Expand Down Expand Up @@ -532,6 +533,19 @@ verify_pcr_export(void)
DEBUG_PRINTF(1,
("%s: setenv(loader.ve.hashed, %s\n",
__func__, hinfo));
if ((hlen = strlen(hinfo)) > KENV_MVALLEN) {
/*
* bump kenv_mvallen
* roundup to multiple of KENV_MVALLEN
*/
char mvallen[16];

hlen += KENV_MVALLEN -
(hlen % KENV_MVALLEN);
if (snprintf(mvallen, sizeof(mvallen),
"%d", (int) hlen) < sizeof(mvallen))
setenv("kenv_mvallen", mvallen, 1);
}
free(hinfo);
}
}
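Review bot: The round-up in `hlen += KENV_MVALLEN - (hlen % KENV_MVALLEN);` overshoots by a full KENV_MVALLEN when hlen is already an exact multiple, since the remainder is then 0 and the whole constant is added. `roundup(hlen, KENV_MVALLEN)` from the already-included <sys/param.h> would yield the smallest sufficient multiple and make the comment redundant. Separately, `snprintf(...) < sizeof(mvallen)` compares an int with a size_t, and the return value of `setenv("kenv_mvallen", mvallen, 1)` is ignored, so a failure to raise the limit passes silently. A DEBUG_PRINTF on that path, like the one at the top of this block, would make it visible, and comparing against `(int)sizeof(mvallen)` after checking for a negative return would avoid the sign-compare warning.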