提交 23c19e2c 编写于 作者: D Dmitry Kasatkin 提交者: Mimi Zohar

ima: prevent buffer overflow in ima_alloc_tfm()

This patch fixes the case where the file's signature/hash xattr contains
an invalid hash algorithm.  Although we can not verify the xattr, we still
need to measure the file.  Use the default IMA hash algorithm.
Signed-off-by: NDmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: NMimi Zohar <zohar@linux.vnet.ibm.com>
上级 9a8d289f
...@@ -116,7 +116,10 @@ static struct crypto_shash *ima_alloc_tfm(enum hash_algo algo) ...@@ -116,7 +116,10 @@ static struct crypto_shash *ima_alloc_tfm(enum hash_algo algo)
struct crypto_shash *tfm = ima_shash_tfm; struct crypto_shash *tfm = ima_shash_tfm;
int rc; int rc;
if (algo != ima_hash_algo && algo < HASH_ALGO__LAST) { if (algo < 0 || algo >= HASH_ALGO__LAST)
algo = ima_hash_algo;
if (algo != ima_hash_algo) {
tfm = crypto_alloc_shash(hash_algo_name[algo], 0, 0); tfm = crypto_alloc_shash(hash_algo_name[algo], 0, 0);
if (IS_ERR(tfm)) { if (IS_ERR(tfm)) {
rc = PTR_ERR(tfm); rc = PTR_ERR(tfm);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册