[PATCH ima-evm-utils] Add sanity check for file parameter of ima_boot_aggregate

[PATCH ima-evm-utils] Add sanity check for file parameter of ima_boot_aggregate · Petr Vorel <pvorel@suse.cz> · 2020-07-17
Re: [PATCH ima-evm-utils] Add sanity check for file parameter of ima_boot_aggregate · Mimi Zohar <zohar@linux.ibm.com> · 2020-07-19
Re: [PATCH ima-evm-utils] Add sanity check for file parameter of ima_boot_aggregate · Petr Vorel <pvorel@suse.cz> · 2020-07-20
Re: [PATCH ima-evm-utils] Add sanity check for file parameter of ima_boot_aggregate · Mimi Zohar <zohar@linux.ibm.com> · 2020-07-20

From: Petr Vorel <pvorel@suse.cz>
Date: 2020-07-17 12:04:30
Subsystem: the rest · Maintainer: Linus Torvalds

Parameter expects to be a copy of
/sys/kernel/security/tpm0/binary_bios_measurements (i.e. regular file,
not a directory, block or character device, socket, ...)

Fixes: f49e982 ("ima-evm-utils: read the TPM 1.2 binary_bios_measurements")

Signed-off-by: Petr Vorel <pvorel@suse.cz>
---
Hi Mimi,

feel free to modify this patchset to fits your needs (unless I'm wrong
and this should not be applied at all).

Kind regards,
Petr

 src/evmctl.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/evmctl.c b/src/evmctl.c
index 04dc2ad..3ad5039 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c

@@ -2082,6 +2082,13 @@ static int read_binary_bios_measurements(char *file, struct tpm_bank_info *bank)
 	int len;
 	int i;
 
+	struct stat s;
+	stat(file, &s);
+	if (!S_ISREG(s.st_mode)) {
+		log_errno("Not a regular file or link to regular file.\n");
+		return 1;
+	}
+
 	fp = fopen(file, "r");
 	if (!fp) {
 		log_errno("Failed to open TPM 1.2 event log.\n");

-- 
2.27.0.rc0

`h`	back out one level
`j`	next message in thread
`k`	previous message in thread
`l`	drill in
`Esc`	close help / fold thread tree
`?`	toggle this help