On 9/14/22 10:22, Mimi Zohar wrote:
The template data length is variable, based on the template format.
Define some sort of upper bounds.
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
---
src/evmctl.c | 3 ++-
src/imaevm.h | 10 ++++++++++
2 files changed, 12 insertions(+), 1 deletion(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index bcf724c828f7..9ab804fee37a 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -2189,7 +2189,8 @@ static int ima_measurement(const char *file)
log_err("Unable to read template length\n");
goto out;
}
- if (entry.template_len == 0) {
+ if (entry.template_len == 0 ||
+ entry.template_len > MAX_TEMPLATE_SIZE) {
log_err("Invalid template data len\n");
goto out;
}
diff --git a/src/imaevm.h b/src/imaevm.h
index 8114bd051514..c43312d01dec 100644
--- a/src/imaevm.h
+++ b/src/imaevm.h
@@ -91,6 +91,16 @@
#define MAX_DIGEST_SIZE 64
#define MAX_SIGNATURE_SIZE 1024
+/*
+ * The maximum template data size is dependent on the template format. For
+ * example the 'ima-modsig' template includes two signatures - one for the
+ * entire file, the other without the appended signature - and other fields
+ * (e.g. file digest, file name, file digest without the appended signature).
+ *
+ * Other template formats are much smaller.
+ */
+#define MAX_TEMPLATE_SIZE (MAX_SIGNATURE_SIZE * 4)
Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
+
#define __packed __attribute__((packed))
enum evm_ima_xattr_type {
