
Commit 8c782932 authored by Linus Torvalds's avatar Linus Torvalds
Pull Integrity subsystem fix from James Morris:
 "These changes fix a bug in xattr handling, where the evm and ima
  inode_setxattr() functions do not check for empty xattrs being passed
  from userspace (leading to user-triggerable null pointer
  dereferences)"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  evm: check xattr value length and type in evm_inode_setxattr()
  ima: check xattr value length and type in the ima_inode_setxattr()
parents 19be9e8a 6c880ad5
+6 −3
@@ -319,9 +319,12 @@ int evm_inode_setxattr(struct dentry *dentry, const char *xattr_name,
{
	const struct evm_ima_xattr_data *xattr_data = xattr_value;

	if ((strcmp(xattr_name, XATTR_NAME_EVM) == 0)
	    && (xattr_data->type == EVM_XATTR_HMAC))
	if (strcmp(xattr_name, XATTR_NAME_EVM) == 0) {
		if (!xattr_value_len)
			return -EINVAL;
		if (xattr_data->type != EVM_IMA_XATTR_DIGSIG)
			return -EPERM;
	}
	return evm_protect_xattr(dentry, xattr_name, xattr_value,
				 xattr_value_len);
}
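Review bot: The new guard `if (!xattr_value_len)` only establishes that the first byte of the value is readable, which is all this function needs for `xattr_data->type`, but nothing in the code says so and a later reader may take it for a full validation of the signature blob. A one-line comment above the check would prevent that, e.g. `/* only ->type is read here; the rest of the value is checked when the signature is verified */` — the second half is my assumption about where the blob is parsed, so confirm it before using that wording. The check also relies on `xattr_value` being non-NULL whenever `xattr_value_len` is nonzero; that holds for the setxattr(2) path as far as I know, but an in-kernel caller violating it would still reach the dereference, so `if (!xattr_value_len || !xattr_value)` is a cheap belt-and-braces option. The function's parameter list starts above the hunk, in the @@ line.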
+2 −0
@@ -378,6 +378,8 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
	result = ima_protect_xattr(dentry, xattr_name, xattr_value,
				   xattr_value_len);
	if (result == 1) {
		if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))
			return -EINVAL;
		ima_reset_appraise_flags(dentry->d_inode,
			 (xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0);
		result = 0;
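Review bot: The added range check `xvalue->type >= IMA_XATTR_LAST` accepts `EVM_XATTR_HMAC`, which sits below `IMA_XATTR_LAST` in the enum but appears to be a security.evm value type rather than a security.ima one, so a write of security.ima carrying that type byte passes here and only `ima_reset_appraise_flags(..., 0)` distinguishes it from the digest types. If that is not intended, an explicit allow-list of the IMA types (the digest types and `EVM_IMA_XATTR_DIGSIG`) would be tighter than the upper-bound comparison; if appraisal already rejects the stray type downstream, a short comment above the check saying so is enough. The ordering is sound as far as I can see: `ima_protect_xattr` runs before the dereference and presumably only inspects the name, so the empty-value case never reaches `xvalue->type`. The declaration of `xvalue` and the end of the function are outside the hunk.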
+1 −0
@@ -61,6 +61,7 @@ enum evm_ima_xattr_type {
	EVM_XATTR_HMAC,
	EVM_IMA_XATTR_DIGSIG,
	IMA_XATTR_DIGEST_NG,
	IMA_XATTR_LAST
};

struct evm_ima_xattr_data {
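Review bot: `IMA_XATTR_LAST` is a sentinel that the new setxattr check compares against as an upper bound, but the enum gives no hint of that, so a type appended after it in a later change would silently be rejected as invalid. Tag it in place: `IMA_XATTR_LAST	/* sentinel: must stay last, used as a range bound */`. The enum's opening line is in the @@ header and the struct at the end of the hunk continues past it.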