nagai/kernel
3
0
Fork 0
forked from mirrors/linux
Code Pull requests Activity

evm: check hash algorithm passed to init_desc()

Browse source 
This patch prevents memory access beyond the evm_tfm array by checking the
validity of the index (hash algorithm) passed to init_desc(). The hash
algorithm can be arbitrarily set if the security.ima xattr type is not
EVM_XATTR_HMAC.

Fixes: 5feeb61183 ("evm: Allow non-SHA1 digital signatures")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
This commit is contained in:
Roberto Sassu 2019-05-29 15:30:33 +02:00 committed by Mimi Zohar
parent f40019475b
commit 221be106d7
1 changed files with 3 additions and 0 deletions
repo.diff.show_diff_stats Download patch file Download diff file Expand all files Collapse all files

3
security/integrity/evm/evm_crypto.c
View file

@ -89,6 +89,9 @@ static struct shash_desc *init_desc(char type, uint8_t hash_algo)
tfm = &hmac_tfm; tfm = &hmac_tfm;
algo = evm_hmac; algo = evm_hmac;
} else { } else {
if (hash_algo >= HASH_ALGO__LAST)
return ERR_PTR(-EINVAL);
tfm = &evm_tfm[hash_algo]; tfm = &evm_tfm[hash_algo];
algo = hash_algo_name[hash_algo]; algo = hash_algo_name[hash_algo];
} }