
[ima-evm-utils,2/4] Define and verify the template data length upper bounds

Message ID 20220914142225.1381077-3-zohar@linux.ibm.com (mailing list archive)
State New, archived
Series misc bug and other fixes | expand

Commit Message

Mimi Zohar Sept. 14, 2022, 2:22 p.m. UTC
The template data length is variable, based on the template format.
Define some sort of upper bounds.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 src/evmctl.c |  3 ++-
 src/imaevm.h | 10 ++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

Comments

Stefan Berger Sept. 14, 2022, 9:28 p.m. UTC | #1
On 9/14/22 10:22, Mimi Zohar wrote:
> The template data length is variable, based on the template format.
> Define some sort of upper bounds.
> 
> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
> ---
>   src/evmctl.c |  3 ++-
>   src/imaevm.h | 10 ++++++++++
>   2 files changed, 12 insertions(+), 1 deletion(-)
> 
> diff --git a/src/evmctl.c b/src/evmctl.c
> index bcf724c828f7..9ab804fee37a 100644
> --- a/src/evmctl.c
> +++ b/src/evmctl.c
> @@ -2189,7 +2189,8 @@ static int ima_measurement(const char *file)
>   				log_err("Unable to read template length\n");
>   				goto out;
>   			}
> -			if (entry.template_len == 0) {
> +			if (entry.template_len == 0 ||
> +			    entry.template_len > MAX_TEMPLATE_SIZE) {
>   				log_err("Invalid template data len\n");
>   				goto out;
>   			}
> diff --git a/src/imaevm.h b/src/imaevm.h
> index 8114bd051514..c43312d01dec 100644
> --- a/src/imaevm.h
> +++ b/src/imaevm.h
> @@ -91,6 +91,16 @@
>   #define MAX_DIGEST_SIZE		64
>   #define MAX_SIGNATURE_SIZE	1024
>   
> +/*
> + * The maximum template data size is dependent on the template format. For
> + * example the 'ima-modsig' template includes two signatures - one for the
> + * entire file, the other without the appended signature - and other fields
> + * (e.g. file digest, file name, file digest without the appended signature).
> + *
> + * Other template formats are much smaller.
> + */
> +#define MAX_TEMPLATE_SIZE	(MAX_SIGNATURE_SIZE * 4)

Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>

> +
>   #define __packed __attribute__((packed))
>   
>   enum evm_ima_xattr_type {

Patch

diff --git a/src/evmctl.c b/src/evmctl.c
index bcf724c828f7..9ab804fee37a 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -2189,7 +2189,8 @@  static int ima_measurement(const char *file)
 				log_err("Unable to read template length\n");
 				goto out;
 			}
-			if (entry.template_len == 0) {
+			if (entry.template_len == 0 ||
+			    entry.template_len > MAX_TEMPLATE_SIZE) {
 				log_err("Invalid template data len\n");
 				goto out;
 			}
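Review bot: The combined check at `entry.template_len == 0 || entry.template_len > MAX_TEMPLATE_SIZE` reports both cases as "Invalid template data len" without the offending value, so a malformed zero-length entry cannot be told apart from an over-limit one in the output. The length is read from the measurement list being parsed, so logging it would help triage, for example `log_err("Invalid template data len: %u (max %d)\n", entry.template_len, MAX_TEMPLATE_SIZE);`, with the specifier adjusted to the field's declared type, which is not visible in this hunk. The upper bound is also only effective if `template_len` is an unsigned type, since a negative value would pass both comparisons; that is worth confirming at the struct declaration. The body of ima_measurement() starts and ends outside the hunk, so how the validated length is used afterwards cannot be checked from here.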
diff --git a/src/imaevm.h b/src/imaevm.h
index 8114bd051514..c43312d01dec 100644
--- a/src/imaevm.h
+++ b/src/imaevm.h
@@ -91,6 +91,16 @@ 
 #define MAX_DIGEST_SIZE		64
 #define MAX_SIGNATURE_SIZE	1024
 
+/*
+ * The maximum template data size is dependent on the template format. For
+ * example the 'ima-modsig' template includes two signatures - one for the
+ * entire file, the other without the appended signature - and other fields
+ * (e.g. file digest, file name, file digest without the appended signature).
+ *
+ * Other template formats are much smaller.
+ */
+#define MAX_TEMPLATE_SIZE	(MAX_SIGNATURE_SIZE * 4)
+
 #define __packed __attribute__((packed))
 
 enum evm_ima_xattr_type {
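Review bot: The comment above `MAX_TEMPLATE_SIZE` does not say how the factor of 4 in `(MAX_SIGNATURE_SIZE * 4)` was derived, and the bound is expressed only in terms of signature size although the comment itself lists a file name among the fields. If a template can carry a path name close to PATH_MAX or a free-form buffer (for example the 'ima-buf' format), a valid entry could exceed 4096 bytes and be rejected by the new check in src/evmctl.c; this is inferred, since the per-field limits are not shown on this page. I would add the arithmetic to the comment, for example `* Budget: 2 * MAX_SIGNATURE_SIZE for the signatures, the remainder for digests and the file name.`, and have the statement "Other template formats are much smaller" confirmed against the buffer-carrying formats.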