dh/ima-evm-utils-mirror
1
0
Fork 0
mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-04-27 22:32:31 +02:00
Code Releases Activity

ima-evm-utils: Prevent crash if pcr is invalid

Browse Source 
If the pcr is invalid, evmctl will crash while accessing
an invalid memory address.  Verify the pcr is in the
expected range.

Also, correct range of an existing check.

Signed-off-by: Frank Sorenson <sorenson@redhat.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Frank Sorenson 2021-02-12 11:58:22 -06:00 committed by Mimi Zohar
parent 8cbf05fcde
commit 74ea78d4f2
1 changed files with 6 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/evmctl.c
View File

@ -2023,6 +2023,11 @@ static int ima_measurement(const char *file)
while (fread(&entry.header, sizeof(entry.header), 1, fp)) {
entry_num++;
if (entry.header.pcr >= NUM_PCRS) {
log_err("Invalid PCR %d.\n", entry.header.pcr);
fclose(fp);
exit(1);
}
if (entry.header.name_len > TCG_EVENT_NAME_LEN_MAX) {
log_err("%d ERROR: event name too long!\n",
entry.header.name_len);
@ -2243,7 +2248,7 @@ static int read_binary_bios_measurements(char *file, struct tpm_bank_info *bank)
log_info("%02u ", event.header.pcr);
log_dump(event.header.digest, SHA_DIGEST_LENGTH);
}
if (event.header.pcr > NUM_PCRS) {
if (event.header.pcr >= NUM_PCRS) {
log_err("Invalid PCR %d.\n", event.header.pcr);
err = 1;
break;