[PATCH] ima-evm-utils: Prevent crash if pcr is invalid

If the pcr is invalid, evmctl will crash while accessing
an invalid memory address.  Verify the pcr is in the
expected range.

Also, correct range of an existing check.

Signed-off-by: Frank Sorenson <sorenson@xxxxxxxxxx>
---
 src/evmctl.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/evmctl.c b/src/evmctl.c
index 1815f55..a14337a 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -1975,6 +1975,11 @@ static int ima_measurement(const char *file)
 		tpmbanks = 0;
 
 	while (fread(&entry.header, sizeof(entry.header), 1, fp)) {
+		if (entry.header.pcr >= NUM_PCRS) {
+			log_err("Invalid PCR %d.\n", entry.header.pcr);
+			fclose(fp);
+			exit(1);
+		}
 		if (entry.header.name_len > TCG_EVENT_NAME_LEN_MAX) {
 			log_err("%d ERROR: event name too long!\n",
 				entry.header.name_len);
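Review bot: the new check at the top of the while loop in ima_measurement() terminates the process with fclose(fp) and exit(1), whereas the same condition in read_binary_bios_measurements() sets err = 1 and breaks out of the loop. Unless ima_measurement() already exits on malformed entries elsewhere, reporting the failure through the function's int return value would keep the two parsers consistent and let any cleanup that follows the loop run. It would also help if the message said which log or entry carried the bad value, since "Invalid PCR %d." alone does not distinguish it from the identical message in the BIOS log path.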
@@ -2180,7 +2185,7 @@ static int read_binary_bios_measurements(char *file, struct tpm_bank_info *bank)
 			log_info("%02u ", event.header.pcr);
 			log_dump(event.header.digest, SHA_DIGEST_LENGTH);
 		}
-		if (event.header.pcr > NUM_PCRS) {
+		if (event.header.pcr >= NUM_PCRS) {
 			log_err("Invalid PCR %d.\n", event.header.pcr);
 			err = 1;
 			break;
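Review bot: the commit message describes this only as "correct range of an existing check"; please state that with `>` a value equal to NUM_PCRS was accepted, so the off-by-one is clear to anyone reading the log later. In the same hunk, log_info prints event.header.pcr with %02u while log_err prints it with %d; using %u in the error message would match the field's apparent unsigned type and avoid showing a large out-of-range value as negative.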
-- 
2.29.2



