From 74ea78d4f29fd7d32303503aadb7c1c2481c518c Mon Sep 17 00:00:00 2001
From: Frank Sorenson
Date: Fri, 12 Feb 2021 11:58:22 -0600
Subject: [PATCH] ima-evm-utils: Prevent crash if pcr is invalid
If the pcr is invalid, evmctl will crash while accessing an invalid memory address. Verify the pcr is in the expected range. Also, correct range of an existing check.
Signed-off-by: Frank Sorenson
Signed-off-by: Mimi Zohar
---
 src/evmctl.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index c0d349d..7a6f202 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -2023,6 +2023,11 @@ static int ima_measurement(const char *file)
 while (fread(&entry.header, sizeof(entry.header), 1, fp)) {
 entry_num++;
+ if (entry.header.pcr >= NUM_PCRS) {
+ log_err("Invalid PCR %d.\n", entry.header.pcr);
+ fclose(fp);
+ exit(1);
+ }
 if (entry.header.name_len > TCG_EVENT_NAME_LEN_MAX) {
 log_err("%d ERROR: event name too long!\n", entry.header.name_len);
@@ -2243,7 +2248,7 @@ static int read_binary_bios_measurements(char *file, struct tpm_bank_info *bank)
 log_info("%02u ", event.header.pcr);
 log_dump(event.header.digest, SHA_DIGEST_LENGTH);
 }
- if (event.header.pcr > NUM_PCRS) {
+ if (event.header.pcr >= NUM_PCRS) {
 log_err("Invalid PCR %d.\n", event.header.pcr);
 err = 1;
 break;
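Review bot: The rejected PCR index is printed with `%d` in the added `log_err` call of `ima_measurement`, although the field appears to be unsigned: the context of the second hunk prints `event.header.pcr` with `%02u` two statements before its own `log_err("Invalid PCR %d.\n", ...)`. The value comes straight from the measurement log being parsed, so a corrupted or hostile entry with the top bit set would be reported as a negative number, which makes the diagnostic misleading exactly when it matters. Use `log_err("Invalid PCR %u.\n", entry.header.pcr);` here and the same specifier in `read_binary_bios_measurements`; the declarations of both header structs are outside the hunks, so confirm the field type first. Both function bodies continue outside the hunks.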