ima-evm-utils: Prevent crash if pcr is invalid

Message ID 20210212175822.2917142-1-sorenson@redhat.com (mailing list archive)
State New, archived

Commit Message

Frank Sorenson Feb. 12, 2021, 5:58 p.m. UTC
If the pcr is invalid, evmctl will crash while accessing
an invalid memory address.  Verify the pcr is in the
expected range.

Also, correct range of an existing check.

Signed-off-by: Frank Sorenson <sorenson@redhat.com>
---
 src/evmctl.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

Comments

Mimi Zohar Feb. 12, 2021, 6:45 p.m. UTC | #1
On Fri, 2021-02-12 at 11:58 -0600, Frank Sorenson wrote:
> If the pcr is invalid, evmctl will crash while accessing
> an invalid memory address.  Verify the pcr is in the
> expected range.
> 
> Also, correct range of an existing check.
> 
> Signed-off-by: Frank Sorenson <sorenson@redhat.com>

Thanks, applied to next-testing.

Mimi
Patch

diff --git a/src/evmctl.c b/src/evmctl.c
index 1815f55..a14337a 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -1975,6 +1975,11 @@  static int ima_measurement(const char *file)
 		tpmbanks = 0;
 
 	while (fread(&entry.header, sizeof(entry.header), 1, fp)) {
+		if (entry.header.pcr >= NUM_PCRS) {
+			log_err("Invalid PCR %d.\n", entry.header.pcr);
+			fclose(fp);
+			exit(1);
+		}
 		if (entry.header.name_len > TCG_EVENT_NAME_LEN_MAX) {
 			log_err("%d ERROR: event name too long!\n",
 				entry.header.name_len);
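Review bot: the new check exits the process (`exit(1)`) on an out-of-range PCR, while the existing check in `read_binary_bios_measurements` in the next hunk reports the same condition with `err = 1; break;` and lets the function return. Since `ima_measurement` is declared `static int`, consider the same pattern here so the caller can handle the error and any other resources stay owned by the function rather than being torn down by `exit()`. Also, the format string `"Invalid PCR %d.\n"` should match the field's type; the second hunk prints the same kind of field with `"%02u"`, which suggests it is unsigned, in which case `%u` is the correct conversion. If the field were signed, `>= NUM_PCRS` alone would still let a negative value through to the array index, so confirming the type of `entry.header.pcr` settles both points.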
@@ -2180,7 +2185,7 @@  static int read_binary_bios_measurements(char *file, struct tpm_bank_info *bank)
 			log_info("%02u ", event.header.pcr);
 			log_dump(event.header.digest, SHA_DIGEST_LENGTH);
 		}
-		if (event.header.pcr > NUM_PCRS) {
+		if (event.header.pcr >= NUM_PCRS) {
 			log_err("Invalid PCR %d.\n", event.header.pcr);
 			err = 1;
 			break;
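Review bot: the change from `>` to `>=` is the right fix: `NUM_PCRS` is a count, so a PCR index equal to it is one past the end of the PCR array and the old check let it through. While touching this line, `log_err("Invalid PCR %d.\n", event.header.pcr)` uses `%d` for a field the `log_info` call a few lines above prints with `%02u`; using `%u` in both keeps the conversion consistent with the field's apparent unsigned type.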