From aa636ee486379cf3d7adbc963ff7a7249589f6da Mon Sep 17 00:00:00 2001
From: Petr Vorel
Date: Fri, 17 Jul 2020 14:04:22 +0200
Subject: [PATCH] Add sanity check for file parameter of ima_boot_aggregate
Parameter expects to be a copy of /sys/kernel/security/tpm0/binary_bios_measurements (i.e. regular file, not a directory, block or character device, socket, ...)
Fixes: f49e982 ("ima-evm-utils: read the TPM 1.2 binary_bios_measurements")
Signed-off-by: Petr Vorel
[zohar@linux.ibm.com: updated to check stat result]
Signed-off-by: Mimi Zohar
--- src/evmctl.c | 11 +++++++++++ 1 file changed, 11 insertions(+)
diff --git a/src/evmctl.c b/src/evmctl.c
index 04dc2ad..0f1c5a0 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -2076,12 +2076,23 @@ static int read_binary_bios_measurements(char *file, struct tpm_bank_info *bank)
} header; unsigned char data[MAX_EVENT_DATA_SIZE]; } event;
+ struct stat s; FILE *fp; SHA_CTX c; int err = 0; int len; int i;
+ if (stat(file, &s) == -1) { errno = 0; return 1; }
+ if (!S_ISREG(s.st_mode)) { log_info("Bios event log: not a regular file or link to regular file\n"); return 1; }
+ fp = fopen(file, "r"); if (!fp) { log_errno("Failed to open TPM 1.2 event log.\n");
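Review bot: The added stat()/S_ISREG() gate and the fopen() that follows it resolve the pathname independently, so the check is a time-of-check/time-of-use race: if `file` (or a symlink component of it) is swapped between the two calls, a FIFO, device or directory is still opened despite the new guard. Open first and then validate the descriptor actually held with `fstat(fileno(fp), &s)`, closing `fp` on either failure; that also lets the stat failure report through log_errno like the existing fopen branch instead of silently clearing errno and returning 1, which leaves the caller with no reason for the failure. Note that fopen() of a FIFO can itself block before fstat() runs, so if blocking on special files is the concern an open() with O_NONBLOCK followed by fdopen() would be needed. The remainder of read_binary_bios_measurements, including the body of the fopen failure branch after log_errno, lies outside the hunk.
```c
	fp = fopen(file, "r");
	if (!fp) {
		log_errno("Failed to open TPM 1.2 event log.\n");
		/* … unchanged: existing fopen failure return … */
	}

	/* Check the descriptor we hold, not the pathname, to avoid a TOCTOU race. */
	if (fstat(fileno(fp), &s) == -1) {
		log_errno("Failed to stat TPM 1.2 event log.\n");
		fclose(fp);
		return 1;
	}

	if (!S_ISREG(s.st_mode)) {
		log_info("Bios event log: not a regular file or link to regular file\n");
		fclose(fp);
		return 1;
	}
```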