mirror of
				https://git.code.sf.net/p/linux-ima/ima-evm-utils
				synced 2025-10-25 19:30:49 +02:00 
			
		
		
		
	libimaevm: Remove calculation of a digest over a symbolic link
Signature verification on symbolic links is not supported by IMA in the kernel, so remove the calculation of digests over symbolic links. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
		 Stefan Berger
					Stefan Berger
				
			
				
					committed by
					
						 Mimi Zohar
						Mimi Zohar
					
				
			
			
				
	
			
			
			 Mimi Zohar
						Mimi Zohar
					
				
			
						parent
						
							a5a03d5454
						
					
				
				
					commit
					fd40ff5dd5
				
			| @@ -177,20 +177,6 @@ out: | ||||
| 	return err; | ||||
| } | ||||
|  | ||||
| static int add_link_hash(const char *path, EVP_MD_CTX *ctx) | ||||
| { | ||||
| 	int len; | ||||
| 	char buf[1024]; | ||||
|  | ||||
| 	len = readlink(path, buf, sizeof(buf)); | ||||
| 	/* 0-length links are also an error */ | ||||
| 	if (len <= 0) | ||||
| 		return -1; | ||||
|  | ||||
| 	log_info("link: %s -> %.*s\n", path, len, buf); | ||||
| 	return !EVP_DigestUpdate(ctx, buf, len); | ||||
| } | ||||
|  | ||||
| int ima_calc_hash(const char *file, uint8_t *hash) | ||||
| { | ||||
| 	const EVP_MD *md; | ||||
| @@ -231,9 +217,6 @@ int ima_calc_hash(const char *file, uint8_t *hash) | ||||
| 	case S_IFREG: | ||||
| 		err = add_file_hash(file, pctx); | ||||
| 		break; | ||||
| 	case S_IFLNK: | ||||
| 		err = add_link_hash(file, pctx); | ||||
| 		break; | ||||
| 	default: | ||||
| 		log_err("Unsupported file type (0x%x)", st.st_mode & S_IFMT); | ||||
| 		err = -1; | ||||
|   | ||||
		Reference in New Issue
	
	Block a user