From cc4bc6efcc2d6ff82ac345f7a948094db3c7bb14 Mon Sep 17 00:00:00 2001
From: Alex Zenla <alex@edera.dev>
Date: Sun, 2 Nov 2025 02:48:41 -0500
Subject: [PATCH] fix(shim/hook): when using older hook protocol, read the data
 into an owned buffer

---
 src/integrations/shim/hook.rs | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/src/integrations/shim/hook.rs b/src/integrations/shim/hook.rs
index 641efb5..f5a9cc6 100644
--- a/src/integrations/shim/hook.rs
+++ b/src/integrations/shim/hook.rs
@@ -97,6 +97,16 @@ impl SecurityHook {
         // Construct a shim input from the path.
         let input = ShimInput::SecurityHookPath(path);
 
+        // Convert the input to an owned data buffer.
+        let input = match input.into_owned_data_buffer() {
+            Ok(input) => input,
+            // If an error occurs, log the error and return the not found status.
+            Err(error) => {
+                warn!("unable to read data to be authenticated: {}", error);
+                return Status::NOT_FOUND;
+            }
+        };
+
         // Verify the input, if it fails, call the original hook.
         if !Self::verify(input) {
             // Acquire the global hook state to grab the original hook.
@@ -116,7 +126,7 @@ impl SecurityHook {
                 Err(error) => {
                     warn!(
                         "unable to acquire global hook state lock to call original hook: {}",
-                        error
+                        error,
                     );
                     return Status::LOAD_ERROR;
                 }