integrity: add validity checks for 'path' parameter

This patch adds validity checks for 'path' parameter and makes it const. Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
git-mirror · May 21, 2015 · 9d03a72 · 9d03a72
1 parent f2b3dee
commit 9d03a72
Show file tree

Hide file tree

Showing 3 changed files with 5 additions and 2 deletions.
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
@@ -85,7 +85,7 @@ int __init integrity_init_keyring(const unsigned int id)
 	return err;
 }
 
-int __init integrity_load_x509(const unsigned int id, char *path)
+int __init integrity_load_x509(const unsigned int id, const char *path)
 {
 	key_ref_t key;
 	char *data;

diff --git a/security/integrity/iint.c b/security/integrity/iint.c
@@ -213,6 +213,9 @@ int __init integrity_read_file(const char *path, char **data)
 	char *buf;
 	int rc = -EINVAL;
 
+	if (!path || !*path)
+		return -EINVAL;
+
 	file = filp_open(path, O_RDONLY, 0);
 	if (IS_ERR(file)) {
 		rc = PTR_ERR(file);

diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
@@ -135,7 +135,7 @@ int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
 			    const char *digest, int digestlen);
 
 int __init integrity_init_keyring(const unsigned int id);
-int __init integrity_load_x509(const unsigned int id, char *path);
+int __init integrity_load_x509(const unsigned int id, const char *path);
 #else
 
 static inline int integrity_digsig_verify(const unsigned int id,