From 5c57ec04ec4208a968d490dfedd72319c8518e01 Mon Sep 17 00:00:00 2001
From: Huaxin Lu <luhuaxin1@huawei.com>
Date: Thu, 14 Sep 2023 12:26:29 +0800
Subject: [PATCH] Limit the max line number of policy and baseline parsing
1. Limit the max file line number to 10000, the excess lines
will be ignored;
2. Remove some unused macro definitions;
3. Change some macro names.
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
---
doc/manual.md | 9 +++++----
src/common/dim_utils.c | 10 ++++++++--
src/core/dim_core_policy.c | 6 ++++++
src/core/dim_core_policy.h | 2 +-
src/core/dim_core_static_baseline.c | 16 +++++++++++-----
src/core/dim_core_static_baseline.h | 22 +++++++---------------
6 files changed, 38 insertions(+), 27 deletions(-)
diff --git a/doc/manual.md b/doc/manual.md
index a8f94e4..1a20742 100644
--- a/doc/manual.md
+++ b/doc/manual.md
@@ -52,10 +52,11 @@ DIM特性通过在程序运行时对内存中的关键数据(如代码段、
### 1.3 规格约束
-| 规格项 | 值 |
-| ------------------------------------------------------------ | ---- |
-| 文件大小上限(策略文件、静态基线文件、签名文件、证书文件) | 10MB |
-| 同一个度量目标在一次动态基线后多次度量期间最多记录的篡改度量日志条数 | 10条 |
+| 规格项 | 值 |
+| ------------------------------------------------------------ | ------- |
+| 文件大小上限(策略文件、静态基线文件、签名文件、证书文件) | 10MB |
+| 文件行数上限(策略文件、静态基线文件) | 10000行 |
+| 同一个度量目标在一次动态基线后多次度量期间最多记录的篡改度量日志条数 | 10条 |
### 1.4 架构说明
diff --git a/src/common/dim_utils.c b/src/common/dim_utils.c
index 83ed967..75b58fc 100644
--- a/src/common/dim_utils.c
+++ b/src/common/dim_utils.c
@@ -83,8 +83,14 @@ int dim_parse_line_buf(char *buf, loff_t len, int (*line_parser)(char *, int))
ret = line_parser(line_buf, line_no);
}
- if (ret < 0)
+ if (ret < 0) {
+ /*
+ * if the parser returns -E2BIG, means the line number
+ * is too large, the excess lines will be ignored.
+ */
+ ret = (ret == -E2BIG) ? 0 : ret;
goto out;
+ }
line_no++;
}
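Review bot: Mapping `-E2BIG` to `0` at the top of this hunk makes the parse succeed after silently discarding every line past the cap, which is a fail-open outcome for a policy or baseline file: entries beyond line 10000 are never loaded, so whatever they describe is not measured, and the only trace is a single warning. Since the file-size limit already bounds the input at 10MB, consider failing closed instead, `if (ret == -E2BIG) { dim_err("file exceeds the line limit, refusing to load\n"); goto out; }`, or at least make the truncation an explicit, documented outcome rather than a success. The sentinel is also in-band: any `line_parser` that returns `-E2BIG` for another reason (an overlong field, a nested helper's errno) would now be treated as success and stop parsing early, so the callback contract should state that `-E2BIG` is reserved for "line limit reached", e.g. `/* line_parser returns <0 to abort; -E2BIG is reserved to mean "line limit reached" and is not treated as an error */` above the function. dim_parse_line_buf's signature and loop head are outside the hunk.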
@@ -93,4 +99,4 @@ out:
kfree(line_buf);
return ret;
-}
\ No newline at end of file
+}
diff --git a/src/core/dim_core_policy.c b/src/core/dim_core_policy.c
index b501de4..a3fa369 100644
--- a/src/core/dim_core_policy.c
+++ b/src/core/dim_core_policy.c
@@ -170,6 +170,12 @@ static int policy_parse_line(char* line, int line_no)
int key = 0;
const char *val = NULL;
+ if (line_no > DIM_POLICY_LINE_MAX) {
+ dim_warn("more than %d policy items will be ignored\n",
+ DIM_POLICY_LINE_MAX);
+ return -E2BIG;
+ }
+
if (strlen(line) == 0 || line[0] == '#')
return 0; /* ignore blank line and comment */
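Review bot: The new limit check runs before the blank/comment skip, so `line_no` counts physical lines, not policy items, and the warning text "more than %d policy items will be ignored" overstates what is retained: a file with 6000 comment lines keeps only 4000 entries before the cap. Either move the check after the blank/comment test so the cap counts entries, or reword to match what is counted, `dim_warn("policy file exceeds %d lines, remaining lines ignored\n", DIM_POLICY_LINE_MAX);`, and have the manual's "文件行数上限" row say that blank and comment lines count. Note also that the header hunk replaces `DIM_MAX_POLICY_NUMBER 100000` with a limit ten times smaller, so an existing policy between 10001 and 100000 lines would start losing entries on upgrade with only this warning; if the old macro has other users not shown in the diff, the rename would also need to be checked there. policy_parse_line continues outside the hunk.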
diff --git a/src/core/dim_core_policy.h b/src/core/dim_core_policy.h
index 0f0de91..48c6f41 100644
--- a/src/core/dim_core_policy.h
+++ b/src/core/dim_core_policy.h
@@ -6,7 +6,7 @@
#define __DIM_CORE_POLICY_H
#define DIM_POLICY_PATH "/etc/dim/policy"
-#define DIM_MAX_POLICY_NUMBER 100000
+#define DIM_POLICY_LINE_MAX 10000
/* policy key */
#define DIM_POLICY_MEASURE "measure"
diff --git a/src/core/dim_core_static_baseline.c b/src/core/dim_core_static_baseline.c
index ebe6db8..f779da1 100644
--- a/src/core/dim_core_static_baseline.c
+++ b/src/core/dim_core_static_baseline.c
@@ -57,16 +57,22 @@ static int parse_simple_baseline_line(char* line, int line_no)
char *line_str = line;
struct dim_digest digest = { 0 };
+ if (line_no > DIM_STATIC_BASELINE_LINE_MAX) {
+ dim_warn("more than %d baseline items will be ignored\n",
+ DIM_STATIC_BASELINE_LINE_MAX);
+ return -E2BIG;
+ }
+
if (strlen(line) == 0 || line[0] == '#')
return 0; /* ignore blank line and comment */
- if (strlen(line) > DIM_BASELINE_MAX_LEN) {
+ if (strlen(line) > DIM_STATIC_BASELINE_LEN_MAX) {
dim_err("overlength item at line %d\n", line_no);
return 0; /* ignore baseline parsing failed */
}
if ((p = strsep(&line_str, " ")) == NULL ||
- strcmp(p, DIM_BASELINE_PREFIX) != 0) {
+ strcmp(p, DIM_STATIC_BASELINE_PREFIX) != 0) {
dim_warn("invalid baseline prefix at line %d\n", line_no);
return 0;
}
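Review bot: As in the policy parser, the cap check sits before the blank/comment skip, so comments and empty lines in a digest list consume part of the 10000-line budget and the warning "more than %d baseline items will be ignored" does not describe what actually happens; the same reordering or rewording applies here, `dim_warn("baseline file exceeds %d lines, remaining lines ignored\n", DIM_STATIC_BASELINE_LINE_MAX);`. Truncating a static baseline silently is arguably worse than truncating the policy, since a target that is still in the policy but whose digest line fell past the cap presumably has no expected value at measurement time; I cannot see from this hunk how a missing baseline is reported, so whether that surfaces as a tamper log or is quietly skipped should be confirmed and documented next to the limit. parse_simple_baseline_line's body continues outside the hunk.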
@@ -167,16 +173,16 @@ int dim_core_static_baseline_load(void)
.path = &kpath,
};
- ret = kern_path(DIM_BASELINE_ROOT, LOOKUP_DIRECTORY, &kpath);
+ ret = kern_path(DIM_STATIC_BASELINE_ROOT, LOOKUP_DIRECTORY, &kpath);
if (ret < 0) {
dim_err("fail to get dim baseline root path: %d", ret);
return ret;
}
- file = filp_open(DIM_BASELINE_ROOT, O_RDONLY | O_DIRECTORY, 0);
+ file = filp_open(DIM_STATIC_BASELINE_ROOT, O_RDONLY | O_DIRECTORY, 0);
if (IS_ERR(file)) {
ret = PTR_ERR(file);
- dim_err("fail to open %s: %d\n", DIM_BASELINE_ROOT, ret);
+ dim_err("fail to open %s: %d\n", DIM_STATIC_BASELINE_ROOT, ret);
path_put(&kpath);
return ret;
}
diff --git a/src/core/dim_core_static_baseline.h b/src/core/dim_core_static_baseline.h
index 0691934..bec37d6 100644
--- a/src/core/dim_core_static_baseline.h
+++ b/src/core/dim_core_static_baseline.h
@@ -5,22 +5,14 @@
#ifndef __DIM_CORE_STATIC_BASELINE_H
#define __DIM_CORE_STATIC_BASELINE_H
-#define DIM_BASELINE_ROOT "/etc/dim/digest_list"
-
-/* key field in baseline json file */
-#define KEY_PRODUCTS "products"
-#define KEY_FILES "ccFiles"
-#define KEY_FPATCHES "patches"
-#define KEY_FILENAME "fileName"
-#define KEY_FILETYPE "fileType"
-#define KEY_PATCH_FILES "files"
-#define KEY_SHA256 "sha256"
-
-#define DIM_BASELINE_PREFIX "dim"
- /* dim KERNEL sha256:{digest} {PATH_MAX}\n*/
- #define DIM_BASELINE_MAX_LEN (strlen(DIM_BASELINE_PREFIX) + 1 + \
- NAME_MAX + 1 + NAME_MAX + 1 + PATH_MAX + 1 + 1)
+#define DIM_STATIC_BASELINE_ROOT "/etc/dim/digest_list"
+#define DIM_STATIC_BASELINE_LINE_MAX 10000
+#define DIM_STATIC_BASELINE_PREFIX "dim"
+/* dim KERNEL sha256:{digest} {PATH_MAX}\n*/
+#define DIM_STATIC_BASELINE_LEN_MAX (strlen(DIM_STATIC_BASELINE_PREFIX) + 1 + \
+ NAME_MAX + 1 + NAME_MAX + 1 + \
+ PATH_MAX + 1 + 1)
int dim_core_static_baseline_load(void);
--
2.33.0