| Message ID | 20190627232546.28746-1-bauerman@linux.ibm.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | ima: Update MAX_TEMPLATE_NAME_LEN to fit largest reasonable definition | expand |
On Thu, 2019-06-27 at 20:25 -0300, Thiago Jung Bauermann wrote: > MAX_TEMPLATE_NAME_LEN is used when restoring measurements carried over from > a kexec. It should be set to the length of a template containing all fields > except for 'd' and 'n', which don't need to be accounted for since they > shouldn't be defined in the same template description as 'd-ng' and 'n-ng'. > > That length is greater than the current 15, so update using a sizeof() to > show where the number comes from and also can be visually shown to be > correct. The sizeof() is calculated at compile time. > > Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com> Thanks, it's now in next-queued-testing. Mimi
diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c index a01a17e5c581..7343e8e0ae2f 100644 --- a/security/integrity/ima/ima_template.c +++ b/security/integrity/ima/ima_template.c @@ -47,7 +47,13 @@ static const struct ima_template_field supported_fields[] = { {.field_id = "buf", .field_init = ima_eventbuf_init, .field_show = ima_show_template_buf}, }; -#define MAX_TEMPLATE_NAME_LEN 15 + +/* + * Used when restoring measurements carried over from a kexec. 'd' and 'n' don't + * need to be accounted for since they shouldn't be defined in the same template + * description as 'd-ng' and 'n-ng' respectively. + */ +#define MAX_TEMPLATE_NAME_LEN sizeof("d-ng|n-ng|sig|buf") static struct ima_template_desc *ima_template;
MAX_TEMPLATE_NAME_LEN is used when restoring measurements carried over from a kexec. It should be set to the length of a template containing all fields except for 'd' and 'n', which don't need to be accounted for since they shouldn't be defined in the same template description as 'd-ng' and 'n-ng'. That length is greater than the current 15, so update using a sizeof() to show where the number comes from and also can be visually shown to be correct. The sizeof() is calculated at compile time. Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com> --- security/integrity/ima/ima_template.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-)