| From: Boshi Wang <wangboshi@huawei.com> |
| Date: Fri, 20 Oct 2017 16:01:03 +0800 |
| Subject: ima: fix hash algorithm initialization |
| |
| commit ebe7c0a7be92bbd34c6ff5b55810546a0ee05bee upstream. |
| |
| The hash_setup function always sets the hash_setup_done flag, even |
| when the hash algorithm is invalid. This prevents the default hash |
| algorithm defined as CONFIG_IMA_DEFAULT_HASH from being used. |
| |
| This patch sets hash_setup_done flag only for valid hash algorithms. |
| |
| Fixes: e7a2ad7eb6f4 "ima: enable support for larger default filedata hash |
| algorithms" |
| Signed-off-by: Boshi Wang <wangboshi@huawei.com> |
| Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> |
| Signed-off-by: Ben Hutchings <ben@decadent.org.uk> |
| --- |
| security/integrity/ima/ima_main.c | 4 ++++ |
| 1 file changed, 4 insertions(+) |
| |
| --- a/security/integrity/ima/ima_main.c |
| +++ b/security/integrity/ima/ima_main.c |
| @@ -52,6 +52,8 @@ static int __init hash_setup(char *str) |
| ima_hash_algo = HASH_ALGO_SHA1; |
| else if (strncmp(str, "md5", 3) == 0) |
| ima_hash_algo = HASH_ALGO_MD5; |
| + else |
| + return 1; |
| goto out; |
| } |
| |
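Review bot: Both new `return 1` paths reject an unrecognised `ima_hash=` value without logging anything: the `else` branch in this hunk and the `i == HASH_ALGO__LAST` check in the second hunk. A typo on the kernel command line therefore leaves the system measuring with the default algorithm (CONFIG_IMA_DEFAULT_HASH, per the commit message) with no sign that the requested one was ignored. For an integrity subsystem that mismatch deserves a log line, so I would add `pr_err("invalid hash algorithm \"%s\"\n", str);` before each of the two returns, with braces around the `else` body. The start of hash_setup is outside this hunk, so check there whether the file already defines a `pr_fmt` prefix.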
| @@ -61,6 +63,8 @@ static int __init hash_setup(char *str) |
| break; |
| } |
| } |
| + if (i == HASH_ALGO__LAST) |
| + return 1; |
| out: |
| hash_setup_done = 1; |
| return 1; |
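Review bot: The test `i == HASH_ALGO__LAST` only works if the preceding loop leaves `i` at the sentinel when no name matched, and the loop header is outside this hunk, so a reader cannot confirm that from the lines shown. A one-line comment above the check would state the intent, for example `/* no match: leave hash_setup_done clear so the default algorithm still applies */`. With this early return the `out:` label is reached only on success, which the same comment could make explicit.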