From: Zoltan Fridrich <zfridric@redhat.com>
Date: Wed, 9 Nov 2022 15:10:58 +0000 (+0100)
Subject: Fipshmac: always use realpaths
X-Git-Tag: 3.8.0~33^2~1
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=6a6119bb180450d156dfdb9c2b560744dcd464b2;p=thirdparty%2Fgnutls.git

Fipshmac: always use realpaths

Signed-off-by: Zoltan Fridrich <zfridric@redhat.com>
---

diff --git a/bootstrap.conf b/bootstrap.conf
index bfbc7e0962..ad8d7cd51e 100644
--- a/bootstrap.conf
+++ b/bootstrap.conf
@@ -27,7 +27,7 @@ required_submodules="tests/suite/tls-fuzzer/python-ecdsa tests/suite/tls-fuzzer/
 
 # Those modules are common to lib/ and src/.
 common_modules="
-alloca attribute byteswap c-ctype c-strcase explicit_bzero fopen-gnu func getline gettext-h gettimeofday hash hash-pjw-bare arpa_inet inet_ntop inet_pton intprops linkedhash-list lock memmem-simple minmax netdb netinet_in read-file secure_getenv setsockopt snprintf stdint stpcpy strcase strdup-posix strndup strtok_r strverscmp sys_socket sys_stat sys_types threadlib time_r tls unistd valgrind-tests vasprintf verify vsnprintf xalloc-oversized
+alloca attribute byteswap c-ctype c-strcase canonicalize-lgpl explicit_bzero fopen-gnu func getline gettext-h gettimeofday hash hash-pjw-bare arpa_inet inet_ntop inet_pton intprops linkedhash-list lock memmem-simple minmax netdb netinet_in read-file secure_getenv setsockopt snprintf stdint stpcpy strcase strdup-posix strndup strtok_r strverscmp sys_socket sys_stat sys_types threadlib time_r tls unistd valgrind-tests vasprintf verify vsnprintf xalloc-oversized
 "
 gnulib_modules="
 $common_modules dirname-lgpl extensions gendocs havelib ldd lib-msvc-compat lib-symbol-versions maintainer-makefile manywarnings pmccabe2html warnings
diff --git a/lib/fipshmac.c b/lib/fipshmac.c
index b091572bdf..13051dfdab 100644
--- a/lib/fipshmac.c
+++ b/lib/fipshmac.c
@@ -102,20 +102,30 @@ static int get_hmac(const char *path, char *hmac, size_t hmac_size)
 static int print_lib_path(const char *path)
 {
 	int ret;
+	char *real_path = NULL;
 	char hmac[HMAC_STR_SIZE];
 
-	ret = get_hmac(path, hmac, sizeof(hmac));
+	real_path = canonicalize_file_name(path);
+	if (real_path == NULL) {
+		fprintf(stderr, "Could not get realpath from %s\n", path);
+		ret = GNUTLS_E_FILE_ERROR;
+		goto cleanup;
+	}
+
+	ret = get_hmac(real_path, hmac, sizeof(hmac));
 	if (ret < 0) {
 		fprintf(stderr, "Could not calculate HMAC for %s: %s\n",
-                        last_component(path), gnutls_strerror(ret));
-		return ret;
+                        last_component(real_path), gnutls_strerror(ret));
+		goto cleanup;
 	}
 
 	printf("[%s]\n", last_component(path));
-	printf("path = %s\n", path);
+	printf("path = %s\n", real_path);
 	printf("hmac = %s\n", hmac);
 
-	return 0;
+cleanup:
+	free(real_path);
+	return ret;
 }
 
 static int print_lib_dl(const char *lib, const char *sym)