Message ID | 20210419150151.236409-4-stefanb@linux.ibm.com (mailing list archive) |
---|---|
State | New, archived |
Series | ima-evm-utils: Some cleanups and bugfixes |
On 4/19/21 11:01 AM, Stefan Berger wrote:
> The variable returned from readlink is a length indicator of the
> number of bytes placed into a buffer, not only an error. Leave
> a note in the code that a zero-length link is also treated as an
> error, besides the usual -1.

Is link signing supported by IMA in the kernel? Maybe I missed something when looking at the code in the Linux kernel, but I could not find that it was supported. What about directory signing and socket/device file signing?

Stefan
diff --git a/src/libimaevm.c b/src/libimaevm.c index 0137884..9a6739b 100644 --- a/src/libimaevm.c +++ b/src/libimaevm.c @@ -213,15 +213,16 @@ static int add_dir_hash(const char *file, EVP_MD_CTX *ctx) static int add_link_hash(const char *path, EVP_MD_CTX *ctx) { - int err; + int len; char buf[1024]; - err = readlink(path, buf, sizeof(buf)); - if (err <= 0) + len = readlink(path, buf, sizeof(buf)); + /* 0-length links are also an error */ + if (len <= 0) return -1; - log_info("link: %s -> %.*s\n", path, err, buf); - return !EVP_DigestUpdate(ctx, buf, err); + log_info("link: %s -> %.*s\n", path, len, buf); + return !EVP_DigestUpdate(ctx, buf, len); } static int add_dev_hash(struct stat *st, EVP_MD_CTX *ctx)
The variable returned from readlink is a length indicator of the number of bytes placed into a buffer, not only an error. Leave a note in the code that a zero-length link is also treated as an error, besides the usual -1.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>

---
 src/libimaevm.c | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)
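
Review bot: in add_link_hash(), the check after `len = readlink(path, buf, sizeof(buf));` rejects only `len <= 0`, so a return value equal to sizeof(buf) is still accepted. readlink() does not report truncation and does not NUL-terminate, so a link target of 1024 bytes or more would be hashed from its first 1024 bytes only, and two links whose targets share that prefix would contribute the same data to the digest. Consider also failing when `len == sizeof(buf)`, or sizing the buffer so that truncation can be detected. As a smaller point, readlink() returns ssize_t; if the variable is being renamed to reflect that it is a length, `ssize_t len` would match, with a cast to int for the `%.*s` precision in the log_info() call.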