			
		
		
		
	libimaevm: Remove calculation of a digest over a symbolic link
Signature verification on symbolic links is not supported by IMA in the kernel, so remove the calculation of digests over symbolic links. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
		 Stefan Berger
					Stefan Berger
				
			
				
					committed by
					
						 Mimi Zohar
						Mimi Zohar
					
				
			
			
				
	
			
			
			 Mimi Zohar
						Mimi Zohar
					
				
			
						parent
						
							a5a03d5454
						
					
				
				
					commit
					fd40ff5dd5
				
			| @@ -177,20 +177,6 @@ out: | |||||||
| 	return err; | 	return err; | ||||||
| } | } | ||||||
|  |  | ||||||
| static int add_link_hash(const char *path, EVP_MD_CTX *ctx) |  | ||||||
| { |  | ||||||
| 	int len; |  | ||||||
| 	char buf[1024]; |  | ||||||
|  |  | ||||||
| 	len = readlink(path, buf, sizeof(buf)); |  | ||||||
| 	/* 0-length links are also an error */ |  | ||||||
| 	if (len <= 0) |  | ||||||
| 		return -1; |  | ||||||
|  |  | ||||||
| 	log_info("link: %s -> %.*s\n", path, len, buf); |  | ||||||
| 	return !EVP_DigestUpdate(ctx, buf, len); |  | ||||||
| } |  | ||||||
|  |  | ||||||
| int ima_calc_hash(const char *file, uint8_t *hash) | int ima_calc_hash(const char *file, uint8_t *hash) | ||||||
| { | { | ||||||
| 	const EVP_MD *md; | 	const EVP_MD *md; | ||||||
| @@ -231,9 +217,6 @@ int ima_calc_hash(const char *file, uint8_t *hash) | |||||||
| 	case S_IFREG: | 	case S_IFREG: | ||||||
| 		err = add_file_hash(file, pctx); | 		err = add_file_hash(file, pctx); | ||||||
| 		break; | 		break; | ||||||
| 	case S_IFLNK: |  | ||||||
| 		err = add_link_hash(file, pctx); |  | ||||||
| 		break; |  | ||||||
| 	default: | 	default: | ||||||
| 		log_err("Unsupported file type (0x%x)", st.st_mode & S_IFMT); | 		log_err("Unsupported file type (0x%x)", st.st_mode & S_IFMT); | ||||||
| 		err = -1; | 		err = -1; | ||||||
|   | |||||||