[PATCH] ima: Update MAX_TEMPLATE_NAME_LEN to fit largest reasonable definition

* [PATCH] ima: Update MAX_TEMPLATE_NAME_LEN to fit largest reasonable definition
@ 2019-06-27 23:25 Thiago Jung Bauermann
  2019-06-28 11:41 ` Mimi Zohar
  0 siblings, 1 reply; 2+ messages in thread
From: Thiago Jung Bauermann @ 2019-06-27 23:25 UTC (permalink / raw)
  To: linux-integrity
  Cc: linux-security-module, linux-kernel, Mimi Zohar, Thiago Jung Bauermann

MAX_TEMPLATE_NAME_LEN is used when restoring measurements carried over from
a kexec. It should be set to the length of a template containing all fields
except for 'd' and 'n', which don't need to be accounted for since they
shouldn't be defined in the same template description as 'd-ng' and 'n-ng'.

That length is greater than the current 15, so update using a sizeof() to
show where the number comes from and also can be visually shown to be
correct. The sizeof() is calculated at compile time.

Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com>
---
 security/integrity/ima/ima_template.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
index a01a17e5c581..7343e8e0ae2f 100644
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -47,7 +47,13 @@ static const struct ima_template_field supported_fields[] = {
 	{.field_id = "buf", .field_init = ima_eventbuf_init,
 	 .field_show = ima_show_template_buf},
 };
-#define MAX_TEMPLATE_NAME_LEN 15
+
+/*
+ * Used when restoring measurements carried over from a kexec. 'd' and 'n' don't
+ * need to be accounted for since they shouldn't be defined in the same template
+ * description as 'd-ng' and 'n-ng' respectively.
+ */
+#define MAX_TEMPLATE_NAME_LEN sizeof("d-ng|n-ng|sig|buf")
 
 static struct ima_template_desc *ima_template;
 


^ permalink raw reply related	[flat|nested] 2+ messages in thread