Define and verify the template data length upper bounds

The template data length is variable, based on the template format. Define some sort of upper bounds. Reviewed-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2025-06-30 21:02:33 +02:00 · 2022-09-13 12:23:55 -04:00
parent 6778e3511b
commit 22f8effda5
2 changed files with 12 additions and 1 deletions
--- a/src/evmctl.c
+++ b/src/evmctl.c
@ -2189,7 +2189,8 @@ static int ima_measurement(const char *file)
 				log_err("Unable to read template length\n");
 				goto out;
 			}
-			if (entry.template_len == 0) {
+			if (entry.template_len == 0 ||
+			    entry.template_len > MAX_TEMPLATE_SIZE) {
 				log_err("Invalid template data len\n");
 				goto out;
 			}
--- a/src/imaevm.h
+++ b/src/imaevm.h
@ -91,6 +91,16 @@
 #define MAX_DIGEST_SIZE		64
 #define MAX_SIGNATURE_SIZE	1024

+/*
+ * The maximum template data size is dependent on the template format. For
+ * example the 'ima-modsig' template includes two signatures - one for the
+ * entire file, the other without the appended signature - and other fields
+ * (e.g. file digest, file name, file digest without the appended signature).
+ *
+ * Other template formats are much smaller.
+ */
+#define MAX_TEMPLATE_SIZE	(MAX_SIGNATURE_SIZE * 4)
+
 #define __packed __attribute__((packed))

 enum evm_ima_xattr_type {