summaryrefslogtreecommitdiffstats
path: root/security/integrity/ima
diff options
context:
space:
mode:
authorThiago Jung Bauermann <bauerman@linux.ibm.com>2019-06-27 20:25:46 -0300
committerMimi Zohar <zohar@linux.ibm.com>2019-06-30 17:54:40 -0400
commit337619eb44ef663d329c5c19efd18488ce7de492 (patch)
treef23aedac341cfda9051417c06e8bca159c975f03 /security/integrity/ima
parent6a31fcd4cff84490bf5ac11dbeedfdca5b38b39a (diff)
downloadlinux-stable-337619eb44ef663d329c5c19efd18488ce7de492.tar.gz
linux-stable-337619eb44ef663d329c5c19efd18488ce7de492.tar.bz2
linux-stable-337619eb44ef663d329c5c19efd18488ce7de492.zip
ima: Update MAX_TEMPLATE_NAME_LEN to fit largest reasonable definition
MAX_TEMPLATE_NAME_LEN is used when restoring measurements carried over from a kexec. It should be set to the length of a template containing all fields except for 'd' and 'n', which don't need to be accounted for since they shouldn't be defined in the same template description as 'd-ng' and 'n-ng'. That length is greater than the current 15, so update using a sizeof() to show where the number comes from and also can be visually shown to be correct. The sizeof() is calculated at compile time. Signed-off-by: Thiago Jung Bauermann <bauerman@linux.ibm.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity/ima')
-rw-r--r--security/integrity/ima/ima_template.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
index a01a17e5c581..7343e8e0ae2f 100644
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -47,7 +47,13 @@ static const struct ima_template_field supported_fields[] = {
{.field_id = "buf", .field_init = ima_eventbuf_init,
.field_show = ima_show_template_buf},
};
-#define MAX_TEMPLATE_NAME_LEN 15
+
+/*
+ * Used when restoring measurements carried over from a kexec. 'd' and 'n' don't
+ * need to be accounted for since they shouldn't be defined in the same template
+ * description as 'd-ng' and 'n-ng' respectively.
+ */
+#define MAX_TEMPLATE_NAME_LEN sizeof("d-ng|n-ng|sig|buf")
static struct ima_template_desc *ima_template;