diff options
Diffstat (limited to 'stand/liblua')
| -rw-r--r-- | stand/liblua/Makefile | 3 | ||||
| -rw-r--r-- | stand/liblua/lstd.c | 15 |
2 files changed, 18 insertions, 0 deletions
diff --git a/stand/liblua/Makefile b/stand/liblua/Makefile index ed1b850d577f..edbbf60b2d25 100644 --- a/stand/liblua/Makefile +++ b/stand/liblua/Makefile @@ -35,5 +35,8 @@ CFLAGS+= -I${BOOTSRC}/include -I${LIBLUASRC} -I${LUASRC} -I${LDRSRC} .if ${MACHINE_CPUARCH} == "amd64" && ${DO32:U0} == 0 CFLAGS+= -fPIC .endif +.if ${MK_LOADER_VERIEXEC} == "yes" +CFLAGS+= -I${SRCTOP}/lib/libsecureboot/h -DLOADER_VERIEXEC +.endif .include <bsd.lib.mk> diff --git a/stand/liblua/lstd.c b/stand/liblua/lstd.c index c71232ee1024..8efdaf7256be 100644 --- a/stand/liblua/lstd.c +++ b/stand/liblua/lstd.c @@ -31,6 +31,10 @@ __FBSDID("$FreeBSD$"); #include "lstd.h" #include "math.h" +#ifdef LOADER_VERIEXEC +#include <verify_file.h> +#endif + FILE * fopen(const char *filename, const char *mode) { @@ -76,6 +80,17 @@ fopen(const char *filename, const char *mode) return (NULL); } +#ifdef LOADER_VERIEXEC + /* only regular files and only reading makes sense */ + if (S_ISREG(st.st_mode) && !(m & O_WRONLY)) { + if (verify_file(fd, filename, 0, VE_GUESS) < 0) { + free(f); + close(fd); + return (NULL); + } + } +#endif + f->fd = fd; f->offset = 0; f->size = st.st_size; |