diff mbox series

[1/3] ima-evm-utils: similarly add sanity check for file parameter of TPM 1.2 PCRs

Message ID 1595174524-4976-1-git-send-email-zohar@linux.ibm.com (mailing list archive)
State New, archived
Headers show
Series [1/3] ima-evm-utils: similarly add sanity check for file parameter of TPM 1.2 PCRs | expand

Commit Message

Mimi Zohar July 19, 2020, 4:02 p.m. UTC 
Parameter expects to be a copy of /sys/class/tpm/tpm0/device/pcrs (i.e.
regular file, not a directory, block or character device, socket, ...)

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 src/evmctl.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

Comments

Petr Vorel July 20, 2020, 8:04 a.m. UTC | #1 
HI Mimi,

> Parameter expects to be a copy of /sys/class/tpm/tpm0/device/pcrs (i.e.
> regular file, not a directory, block or character device, socket, ...)

> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Reviewed-by: Petr Vorel <pvorel@suse.cz>

Kind regards,
Petr
diff mbox series

Patch

diff --git a/src/evmctl.c b/src/evmctl.c
index 0f1c5a023516..06a2ffb879d9 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -1379,14 +1379,26 @@  static char *misc_pcrs = "/sys/class/misc/tpm0/device/pcrs";
 /* Read all of the TPM 1.2 PCRs */
 static int tpm_pcr_read(struct tpm_bank_info *tpm_banks, int len)
 {
+	struct stat s;
 	FILE *fp = NULL;
 	char *p, pcr_str[8], buf[70]; /* length of the TPM string */
 	int result = -1;
 	int i = 0;
 
 	/* Use the provided TPM 1.2 pcrs file */
-	if (pcrfile)
+	if (pcrfile) {
+		if (stat(pcrfile, &s) == -1) {
+			errno = 0;
+			return 1;
+		}
+
+		if (!S_ISREG(s.st_mode)) {
+			log_info("TPM 1.2 PCR file: not a regular file or link to regular file\n");
+			return 1;
+		}
+
 		fp = fopen(pcrfile, "r");
+	}
 
 	if (!fp)
 		fp = fopen(pcrs, "r");