Detect oversize SWID tags
authorAndreas Steffen <andreas.steffen@strongswan.org>
Thu, 29 May 2014 11:05:39 +0000 (13:05 +0200)
committerAndreas Steffen <andreas.steffen@strongswan.org>
Sat, 31 May 2014 18:37:57 +0000 (20:37 +0200)
src/libpts/plugins/imc_swid/imc_swid.c

index 477b3b1..ef3a6a3 100644 (file)
@@ -138,7 +138,7 @@ static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
                                                           uint32_t request_id, bool full_tags,
                                                           swid_inventory_t *targets)
 {
-       pa_tnc_attr_t *attr, *attr_angel;
+       pa_tnc_attr_t *attr, *attr_angel, *attr_error;
        imc_swid_state_t *swid_state;
        swid_inventory_t *swid_inventory;
        char *swid_directory, *swid_generator;
@@ -165,9 +165,9 @@ static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
                                                                 targets, swid_pretty, swid_full))
        {
                swid_inventory->destroy(swid_inventory);
-               attr = swid_error_create(TCG_SWID_ERROR, request_id,
+               attr_error = swid_error_create(TCG_SWID_ERROR, request_id,
                                                                 0, "error in SWID tag collection");
-               msg->add_attribute(msg, attr);
+               msg->add_attribute(msg, attr_error);
                return FALSE;
        }
        DBG1(DBG_IMC, "collected %d SWID tag%s%s",
@@ -201,6 +201,17 @@ static bool add_swid_inventory(imc_state_t *state, imc_msg_t *msg,
                        encoding = tag->get_encoding(tag);
                        entry_size = 2 + tag_file_path.len + 4 + encoding.len;
 
+                       /* Check for oversize tags that cannot be transported */
+                       if (PA_TNC_ATTR_HEADER_SIZE + TCG_SWID_TAG_INV_MIN_SIZE +
+                               entry_size > max_attr_size)
+                       {
+                               attr_error = swid_error_create(TCG_SWID_RESPONSE_TOO_LARGE,
+                                                                                          request_id, max_attr_size,
+                                                                                          "oversize SWID tag omitted");
+                               msg->add_attribute(msg, attr_error);
+                               continue;
+                       }
+
                        if (attr_size + entry_size > max_attr_size)
                        {
                                if (first)
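Review bot: The new oversize branch drops a tag from the inventory at `continue` without recording which one, since the error attribute carries only the fixed string "oversize SWID tag omitted" and max_attr_size. The receiver presumably evaluates this inventory, so an unexplained gap is hard to investigate afterwards; I would log the path just before the `continue`, e.g. `DBG1(DBG_IMC, "oversize SWID tag '%.*s' omitted", (int)tag_file_path.len, tag_file_path.ptr);` (assuming tag_file_path is a chunk_t, as its `.len` use suggests). The branch also queues one error attribute per oversize tag with no visible bound, so it is worth confirming how `msg->add_attribute` behaves when many tags exceed the limit. The declarations of entry_size and max_attr_size and the rest of add_swid_inventory lie outside the hunk, so I could not check whether the three-term sum can wrap for very large tag lengths.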