diff mbox series

[ima-evm-utils,11/11] Missing template data size lower bounds checking

Message ID 20220902162836.554839-12-zohar@linux.ibm.com (mailing list archive)
State New, archived
Headers show
Series address deprecated warnings | expand

Commit Message

Mimi Zohar Sept. 2, 2022, 4:28 p.m. UTC 
Each record in the IMA measurement list must contain some template data.
Ensure the template data is not zero length.

Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 src/evmctl.c | 4 ++++
 1 file changed, 4 insertions(+)
diff mbox series

Patch

diff --git a/src/evmctl.c b/src/evmctl.c
index aac669438a1c..e603449b7d9e 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -2188,6 +2188,10 @@  static int ima_measurement(const char *file)
 				log_err("Unable to read template length\n");
 				goto out;
 			}
+			if (entry.template_len == 0) {
+				log_err("Invalid template data len\n");
+				goto out;
+			}
 		} else {
 			entry.template_len = SHA_DIGEST_LENGTH +
 					     TCG_EVENT_NAME_LEN_MAX + 1;