
[RFC,ima-evm-utils,11/11] Missing template data size lower bounds checking

Message ID 20220830005936.189922-12-zohar@linux.ibm.com (mailing list archive)
State New, archived
Series: address deprecated warnings

Commit Message

Mimi Zohar Aug. 30, 2022, 12:59 a.m. UTC
Each record in the IMA measurement list must contain some template data.
Ensure the template data is not zero length.

Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 src/evmctl.c | 4 ++++
 1 file changed, 4 insertions(+)

Comments

Petr Vorel Aug. 30, 2022, 1:06 p.m. UTC | #1
Hi Mimi,

> Each record in the IMA measurement list must contain some template data.
> Ensure the template data is not zero length.

Reviewed-by: Petr Vorel <pvorel@suse.cz>

Kind regards,
Petr

Patch

diff --git a/src/evmctl.c b/src/evmctl.c
index 4619bb433926..0d8f93bf5d26 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -2189,6 +2189,10 @@  static int ima_measurement(const char *file)
 				log_err("Unable to read template length\n");
 				goto out;
 			}
+			if (entry.template_len == 0) {
+				log_err("Invalid template data len\n");
+				goto out;
+			}
 		} else {
 			entry.template_len = SHA_DIGEST_LENGTH +
 					     TCG_EVENT_NAME_LEN_MAX + 1;
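
Review bot: the added test `entry.template_len == 0` rejects only a zero length, and its message "Invalid template data len" neither says which bound failed nor matches the wording of the neighbouring "Unable to read template length" message. Suggest something like "Template data length is zero\n" so a truncated or malformed measurement list is easier to diagnose from the log. An upper bound on `entry.template_len` is not visible in this hunk; since the value is read from the measurement file, it is worth confirming that one is enforced before the length is used to read the template data, and that the `goto out` path returns a failure status as the read error above it does.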