Fix handling of zero-length file digests

Do not try to convert a zero-length file digest to a binary representation.
Zero-length file digests may stem from directory entries and symbolic links.
Return an empty signature in this case.

Returning an empty signature results in the ima.so plugin getting a sequence
of zeroes that it would write into security.ima xattr. Check for a signature
header consisting of only zeroes and do not write it into the filesystem.

Signed-off-by: Stefan Berger <stefanb@linux.vnet.ibm.com>

1 files changed, 24 insertions, 1 deletions

diff --git a/plugins/ima.c b/plugins/ima.c
index 0dfdd8bea..be15ecf2f 100644
--- a/plugins/ima.c
+++ b/plugins/ima.c
@@ -12,6 +12,29 @@
 
 #define XATTR_NAME_IMA "security.ima"
 
+/*
+ * check_zero_hdr: Check the signature for a zero header
+ *
+ * Check whether the given signature has a header with all zeros
+ *
+ * Returns -1 in case the signature is too short to compare
+ * (invalid signature), 0 in case the header is not only zeroes,
+ * and 1 if it is only zeroes.
+ */
+static int check_zero_hdr(const unsigned char *fsig, size_t siglen)
+{
+	/*
+	 * Every signature has a header signature_v2_hdr as defined in
+	 * Linux's (4.5) security/integrity/integtrity.h. The following
+	 * 9 bytes represent this header in front of the signature.
+	 */
+	static const uint8_t zero_hdr[] = {0, 0, 0, 0, 0, 0, 0, 0, 0};
+
+	if (siglen < sizeof(zero_hdr))
+		return -1;
+	return (memcmp(fsig, &zero_hdr, sizeof(zero_hdr)) == 0);
+}
+
 static rpmRC ima_psm_post(rpmPlugin plugin, rpmte te, int res)
 {
 	rpmfi fi = rpmteFI(te);
@@ -30,7 +53,7 @@ static rpmRC ima_psm_post(rpmPlugin plugin, rpmte te, int res)
 	    if (!(rpmfiFFlags(fi) & RPMFILE_CONFIG)) {
 		fpath = rpmfiFN(fi);
 		fsig = rpmfiFSignature(fi, &len);
-		if (fsig) {
+		if (fsig && (check_zero_hdr(fsig, len) == 0)) {
 		    lsetxattr(fpath, XATTR_NAME_IMA, fsig, len, 0);
 		}
 	    }