[PATCH 5.1 61/85] evm: check hash algorithm passed to init_desc()

From: Greg Kroah-Hartman
Date: Fri Jun 07 2019 - 11:53:55 EST

Next message: Greg Kroah-Hartman: "[PATCH 5.1 29/85] iio: adc: ads124: avoid buffer overflow"
Previous message: Greg Kroah-Hartman: "[PATCH 5.1 60/85] ima: show rules with IMA_INMASK correctly"
In reply to: Greg Kroah-Hartman: "[PATCH 5.1 60/85] ima: show rules with IMA_INMASK correctly"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.1 29/85] iio: adc: ads124: avoid buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Roberto Sassu <roberto.sassu@xxxxxxxxxx>

commit 221be106d75c1b511973301542f47d6000d0b63e upstream.

This patch prevents memory access beyond the evm_tfm array by checking the
validity of the index (hash algorithm) passed to init_desc(). The hash
algorithm can be arbitrarily set if the security.ima xattr type is not
EVM_XATTR_HMAC.

Fixes: 5feeb61183dde ("evm: Allow non-SHA1 digital signatures")
Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx>
Cc: stable@xxxxxxxxxxxxxxx
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>

---
security/integrity/evm/evm_crypto.c | 3 +++
1 file changed, 3 insertions(+)

--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -89,6 +89,9 @@ static struct shash_desc *init_desc(char
tfm = &hmac_tfm;
algo = evm_hmac;
} else {
+ if (hash_algo >= HASH_ALGO__LAST)
+ return ERR_PTR(-EINVAL);
+
tfm = &evm_tfm[hash_algo];
algo = hash_algo_name[hash_algo];
}

Next message: Greg Kroah-Hartman: "[PATCH 5.1 29/85] iio: adc: ads124: avoid buffer overflow"
Previous message: Greg Kroah-Hartman: "[PATCH 5.1 60/85] ima: show rules with IMA_INMASK correctly"
In reply to: Greg Kroah-Hartman: "[PATCH 5.1 60/85] ima: show rules with IMA_INMASK correctly"
Next in thread: Greg Kroah-Hartman: "[PATCH 5.1 29/85] iio: adc: ads124: avoid buffer overflow"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]