dh/ima-evm-utils-mirror
1
0
Fork 0
mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-04-28 06:33:36 +02:00
Code Releases Activity

Add sanity check for file parameter of ima_boot_aggregate

Browse Source 
Parameter expects to be a copy of
/sys/kernel/security/tpm0/binary_bios_measurements (i.e. regular file,
not a directory, block or character device, socket, ...)

Fixes: f49e982 ("ima-evm-utils: read the TPM 1.2 binary_bios_measurements")

Signed-off-by: Petr Vorel <pvorel@suse.cz>
[zohar@linux.ibm.com: updated to check stat result]
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Petr Vorel 2020-07-17 14:04:22 +02:00 committed by Mimi Zohar
parent 3e7d575816
commit aa636ee486
1 changed files with 11 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/evmctl.c
View File

@ -2076,12 +2076,23 @@ static int read_binary_bios_measurements(char *file, struct tpm_bank_info *bank)
} header; } header;
unsigned char data[MAX_EVENT_DATA_SIZE]; unsigned char data[MAX_EVENT_DATA_SIZE];
} event; } event;
struct stat s;
FILE *fp; FILE *fp;
SHA_CTX c; SHA_CTX c;
int err = 0; int err = 0;
int len; int len;
int i; int i;
if (stat(file, &s) == -1) {
errno = 0;
return 1;
}
if (!S_ISREG(s.st_mode)) {
log_info("Bios event log: not a regular file or link to regular file\n");
return 1;
}
fp = fopen(file, "r"); fp = fopen(file, "r");
if (!fp) { if (!fp) {
log_errno("Failed to open TPM 1.2 event log.\n"); log_errno("Failed to open TPM 1.2 event log.\n");