[PATCH 1/3] ima-evm-utils: similarly add sanity check for file parameter of TPM 1.2 PCRs
From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2020-07-19 16:02:24
Subsystem:
the rest · Maintainer:
Linus Torvalds
Parameter expects to be a copy of /sys/class/tpm/tpm0/device/pcrs (i.e. regular file, not a directory, block or character device, socket, ...) Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> --- src/evmctl.c | 14 +++++++++++++- 1 file changed, 13 insertions(+), 1 deletion(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index 0f1c5a023516..06a2ffb879d9 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c@@ -1379,14 +1379,26 @@ static char *misc_pcrs = "/sys/class/misc/tpm0/device/pcrs"; /* Read all of the TPM 1.2 PCRs */ static int tpm_pcr_read(struct tpm_bank_info *tpm_banks, int len) { + struct stat s; FILE *fp = NULL; char *p, pcr_str[8], buf[70]; /* length of the TPM string */ int result = -1; int i = 0; /* Use the provided TPM 1.2 pcrs file */ - if (pcrfile) + if (pcrfile) { + if (stat(pcrfile, &s) == -1) { + errno = 0; + return 1; + } + + if (!S_ISREG(s.st_mode)) { + log_info("TPM 1.2 PCR file: not a regular file or link to regular file\n"); + return 1; + } + fp = fopen(pcrfile, "r"); + } if (!fp) fp = fopen(pcrs, "r");
--
2.7.5