cryptenroll: don't return slot 0 when we have no policy to search for
authorLennart Poettering <lennart@poettering.net>
Thu, 29 Aug 2024 10:54:40 +0000 (12:54 +0200)
committerLennart Poettering <lennart@poettering.net>
Fri, 30 Aug 2024 12:16:39 +0000 (14:16 +0200)
If the policy hash is empty we shouldn't return "0" from
search_policy_hash(), because that is understood as slot index 0, but
that's unlikely to match the policy.

Hence, return -ENOENT instead, indicating that we can't find a matching
slot.

src/cryptenroll/cryptenroll-tpm2.c

index 583259d853e50c11a3c1f7f62d3d4c4a6fad62a0..b3d851953bf63e3f00e1cdeee6966dbca870fabd 100644 (file)
@@ -26,7 +26,7 @@ static int search_policy_hash(
         assert(iovec_is_valid(hash));
 
         if (!iovec_is_set(hash))
-                return 0;
+                return -ENOENT;
 
         for (int token = 0; token < sym_crypt_token_max(CRYPT_LUKS2); token++) {
                 _cleanup_(sd_json_variant_unrefp) sd_json_variant *v = NULL;
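Review bot: The return contract of search_policy_hash() is not documented anywhere in the visible lines, and the early return changed here depends on it: per the commit message, a non-negative result is read as a keyslot index and -ENOENT means no matching slot. I would add a comment above the function along the lines of `/* Returns the keyslot index (>= 0) of the token whose policy hash matches, or -ENOENT if none matches or the hash is unset. */` so that a bare `return 0` is not mistaken for "nothing found" again. The callers are outside this hunk, so it is worth confirming that each one handles -ENOENT as "not enrolled yet" rather than as a hard failure, because an unset hash now takes that path. The function starts before the hunk and its loop body continues past it.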