| From 221be106d75c1b511973301542f47d6000d0b63e Mon Sep 17 00:00:00 2001 |
| From: Roberto Sassu <roberto.sassu@huawei.com> |
| Date: Wed, 29 May 2019 15:30:33 +0200 |
| Subject: evm: check hash algorithm passed to init_desc() |
| |
| From: Roberto Sassu <roberto.sassu@huawei.com> |
| |
| commit 221be106d75c1b511973301542f47d6000d0b63e upstream. |
| |
| This patch prevents memory access beyond the evm_tfm array by checking the |
| validity of the index (hash algorithm) passed to init_desc(). The hash |
| algorithm can be arbitrarily set if the security.ima xattr type is not |
| EVM_XATTR_HMAC. |
| |
| Fixes: 5feeb61183dde ("evm: Allow non-SHA1 digital signatures") |
| Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> |
| Cc: stable@vger.kernel.org |
| Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| security/integrity/evm/evm_crypto.c | 3 +++ |
| 1 file changed, 3 insertions(+) |
| |
| --- a/security/integrity/evm/evm_crypto.c |
| +++ b/security/integrity/evm/evm_crypto.c |
| @@ -89,6 +89,9 @@ static struct shash_desc *init_desc(char |
| tfm = &hmac_tfm; |
| algo = evm_hmac; |
| } else { |
| + if (hash_algo >= HASH_ALGO__LAST) |
| + return ERR_PTR(-EINVAL); |
| + |
| tfm = &evm_tfm[hash_algo]; |
| algo = hash_algo_name[hash_algo]; |
| } |