ima-evm-utils: similarly add sanity check for file parameter of TPM 1.2 PCRs

Parameter expects to be a copy of /sys/class/tpm/tpm0/device/pcrs (i.e. regular file, not a directory, block or character device, socket, ...) Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Reviewed-by: Petr Vorel <pvorel@suse.cz>
2025-04-28 14:43:37 +02:00 · 2020-07-17 17:52:41 -04:00 · 2020-07-17 17:52:41 -04:00 · 9b5a1e7b1d
commit 9b5a1e7b1d
parent aa636ee486
1 changed files with 13 additions and 1 deletions
--- a/src/evmctl.c
+++ b/src/evmctl.c
@ -1379,14 +1379,26 @@ static char *misc_pcrs = "/sys/class/misc/tpm0/device/pcrs";
 /* Read all of the TPM 1.2 PCRs */
 static int tpm_pcr_read(struct tpm_bank_info *tpm_banks, int len)
 {
+	struct stat s;
 	FILE *fp = NULL;
 	char *p, pcr_str[8], buf[70]; /* length of the TPM string */
 	int result = -1;
 	int i = 0;

 	/* Use the provided TPM 1.2 pcrs file */
-	if (pcrfile)
+	if (pcrfile) {
+		if (stat(pcrfile, &s) == -1) {
+			errno = 0;
+			return 1;
+		}
+
+		if (!S_ISREG(s.st_mode)) {
+			log_info("TPM 1.2 PCR file: not a regular file or link to regular file\n");
+			return 1;
+		}
+
 		fp = fopen(pcrfile, "r");
+	}

 	if (!fp)
 		fp = fopen(pcrs, "r");