dh/ima-evm-utils-mirror
1
0
Fork 0
mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-04-27 14:22:31 +02:00
Code Releases Activity

Sanity check the template data field sizes

Browse Source 
The field sizes of the original "ima" template data are static, but
the other template data fields are not.  They're prefixed with a size.

Add some data field size sanity checks in ima_show_ng().

Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Mimi Zohar 2022-09-13 16:48:30 -04:00
parent 22f8effda5
commit 27e91006d8
1 changed files with 40 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
src/evmctl.c
View File

@ -1591,8 +1591,9 @@ void ima_ng_show(struct template_entry *entry)
{ {
uint8_t *fieldp = entry->template; uint8_t *fieldp = entry->template;
uint32_t field_len; uint32_t field_len;
int total_len = entry->template_len, digest_len, len, sig_len, fbuf_len; int total_len = entry->template_len, digest_len, len, fbuf_len;
uint8_t *digest, *sig = NULL, *fbuf = NULL; uint8_t *digest, *sig = NULL, *fbuf = NULL;
int sig_len = 0;
char *algo, *path; char *algo, *path;
int found; int found;
int err; int err;
@ -1601,33 +1602,65 @@ void ima_ng_show(struct template_entry *entry)
field_len = *(uint32_t *)fieldp; field_len = *(uint32_t *)fieldp;
fieldp += sizeof(field_len); fieldp += sizeof(field_len);
total_len -= sizeof(field_len); total_len -= sizeof(field_len);
if (total_len < 0) {
log_err("Template \"%s\" invalid template data\n", entry->name);
return;
}
algo = (char *)fieldp; algo = (char *)fieldp;
len = strnlen(algo, field_len - 1) + 1; len = strnlen(algo, field_len - 1) + 1;
digest_len = field_len - len; digest_len = field_len - len;
if (digest_len < SHA_DIGEST_LENGTH ||
digest_len > MAX_DIGEST_SIZE) {
log_err("Template \"%s\" invalid digest length\n", entry->name);
return;
}
digest = fieldp + len; digest = fieldp + len;
/* move to next field */ /* move to next field */
fieldp += field_len; fieldp += field_len;
total_len -= field_len; total_len -= field_len;
if (total_len < 0) {
log_err("Template \"%s\" invalid template data\n", entry->name);
return;
}
/* get path */ /* get path */
field_len = *(uint32_t *)fieldp; field_len = *(uint32_t *)fieldp;
fieldp += sizeof(field_len); fieldp += sizeof(field_len);
total_len -= sizeof(field_len); total_len -= sizeof(field_len);
if (field_len == 0 || field_len > PATH_MAX || total_len < field_len) {
log_err("Template \"%s\" invalid file pathname\n", entry->name);
return;
}
path = (char *)fieldp; path = (char *)fieldp;
/* move to next field */ /* move to next field */
fieldp += field_len; fieldp += field_len;
total_len -= field_len; total_len -= field_len;
if (total_len < 0) {
log_err("Template \"%s\" invalid template data\n", entry->name);
return;
}
if (!strcmp(entry->name, "ima-sig") || if (!strcmp(entry->name, "ima-sig") ||
!strcmp(entry->name, "ima-sigv2")) { !strcmp(entry->name, "ima-sigv2")) {
/* get signature */ /* get signature, if it exists */
field_len = *(uint32_t *)fieldp; field_len = *(uint32_t *)fieldp;
fieldp += sizeof(field_len); fieldp += sizeof(field_len);
if (field_len > MAX_SIGNATURE_SIZE) {
log_err("Template \"%s\" invalid file signature size\n",
entry->name);
return;
}
total_len -= sizeof(field_len); total_len -= sizeof(field_len);
if (total_len < 0) {
log_err("Template \"%s\" invalid template data\n",
entry->name);
return;
}
if (field_len) { if (field_len) {
sig = fieldp; sig = fieldp;
@ -1651,6 +1684,11 @@ void ima_ng_show(struct template_entry *entry)
} }
} }
if (total_len < 0) {
log_err("Template \"%s\" invalid template data\n", entry->name);
return;
}
/* ascii_runtime_measurements */ /* ascii_runtime_measurements */
if (imaevm_params.verbose > LOG_INFO) { if (imaevm_params.verbose > LOG_INFO) {
log_info("%d ", entry->header.pcr); log_info("%d ", entry->header.pcr);