From 22f8effda53b90a459ac41ac7062222471d7da25 Mon Sep 17 00:00:00 2001
From: Mimi Zohar <zohar@linux.ibm.com>
Date: Tue, 13 Sep 2022 12:23:55 -0400
Subject: [PATCH] Define and verify the template data length upper bounds

The template data length is variable, based on the template format.
Define some sort of upper bounds.

Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 src/evmctl.c |  3 ++-
 src/imaevm.h | 10 ++++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/evmctl.c b/src/evmctl.c
index 33d9088..394285e 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -2189,7 +2189,8 @@ static int ima_measurement(const char *file)
 				log_err("Unable to read template length\n");
 				goto out;
 			}
-			if (entry.template_len == 0) {
+			if (entry.template_len == 0 ||
+			    entry.template_len > MAX_TEMPLATE_SIZE) {
 				log_err("Invalid template data len\n");
 				goto out;
 			}
diff --git a/src/imaevm.h b/src/imaevm.h
index 8843216..78e7ed5 100644
--- a/src/imaevm.h
+++ b/src/imaevm.h
@@ -91,6 +91,16 @@
 #define MAX_DIGEST_SIZE		64
 #define MAX_SIGNATURE_SIZE	1024
 
+/*
+ * The maximum template data size is dependent on the template format. For
+ * example the 'ima-modsig' template includes two signatures - one for the
+ * entire file, the other without the appended signature - and other fields
+ * (e.g. file digest, file name, file digest without the appended signature).
+ *
+ * Other template formats are much smaller.
+ */
+#define MAX_TEMPLATE_SIZE	(MAX_SIGNATURE_SIZE * 4)
+
 #define __packed __attribute__((packed))
 
 enum evm_ima_xattr_type {