[ima-evm-utils,v5,13/17] Missing template data size lower bounds checking

Commit Message

Mimi Zohar Nov. 3, 2022, 6:39 p.m. UTC

Each record in the IMA measurement list must contain some template data.
Ensure the template data is not zero length.

Reviewed-by: Petr Vorel <pvorel@suse.cz>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 src/evmctl.c | 4 ++++
 1 file changed, 4 insertions(+)

Patch

diff --git a/src/evmctl.c b/src/evmctl.c
index 17472bf621f6..65e27e1681e7 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -2188,6 +2188,10 @@  static int ima_measurement(const char *file)
 				log_err("Unable to read template length\n");
 				goto out;
 			}
+			if (entry.template_len == 0) {
+				log_err("Invalid template data len\n");
+				goto out;
+			}
 		} else {
 			entry.template_len = SHA_DIGEST_LENGTH +
 					     TCG_EVENT_NAME_LEN_MAX + 1;