Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 23c19e2c authored by Dmitry Kasatkin's avatar Dmitry Kasatkin Committed by Mimi Zohar
Browse files

ima: prevent buffer overflow in ima_alloc_tfm() 



This patch fixes the case where the file's signature/hash xattr contains
an invalid hash algorithm.  Although we can not verify the xattr, we still
need to measure the file.  Use the default IMA hash algorithm.

Signed-off-by: default avatarDmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.vnet.ibm.com>
parent 9a8d289f

security/integrity/ima/ima_crypto.c

+4 −1
Original line number Diff line number Diff line
@@ -116,7 +116,10 @@ static struct crypto_shash *ima_alloc_tfm(enum hash_algo algo) 
	struct crypto_shash *tfm = ima_shash_tfm;

	int rc;



	if (algo != ima_hash_algo && algo < HASH_ALGO__LAST) {

	if (algo < 0 || algo >= HASH_ALGO__LAST)

		algo = ima_hash_algo;



	if (algo != ima_hash_algo) {

		tfm = crypto_alloc_shash(hash_algo_name[algo], 0, 0);

		if (IS_ERR(tfm)) {

			rc = PTR_ERR(tfm);