Bug 1319855 - truncate -s 1T src/.libs/.libfipscheck.so.1.hmac ; ./src/fipscheck ./src/fipscheck
Summary: truncate -s 1T src/.libs/.libfipscheck.so.1.hmac ; ./src/fipscheck ./src/fips...
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: fipscheck
Version: 25
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Tomas Mraz
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-03-21 16:34 UTC by cagney
Modified: 2017-02-24 10:03 UTC (History)
1 user (show)

Fixed In Version: fipscheck-1.5.0-1.fc26
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-02-24 10:03:34 UTC
Type: Bug

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description cagney 2016-03-21 16:34:43 UTC 
Description of problem:

fipscheck uses getline() to read its hmac files, fread() might be better


Version-Release number of selected component (if applicable):

default branch


How reproducible:

100%


Steps to Reproduce:
1. build fipscheck
2. truncate -s 1T src/.libs/.libfipscheck.so.1.hmac
3. ./src/fipscheck ./src/fipscheck


Actual results:

Machine goes into the weeds.  It did come back eventually so, perhaps I should try a bigger file?


Expected results:

Short sharp error.


Additional info:

The problem is with:

        if (getline(&hmac, &n, hf) > 0) {

I suspect fread() would be safer.
Comment 1 Jan Kurik 2016-07-26 05:09:06 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 25 development cycle.
Changing version to '25'.
Note You need to log in before you can comment on or make changes to this bug.