system/linux
system/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux synced 2024-09-20 02:57:25 +00:00
Code Issues Packages Projects Releases Wiki Activity
linux/security/integrity
History
Mimi Zohar 9a8d289fbc ima: fix ima_alloc_atfm() 
The patch 3bcced39ea: "ima: use ahash API for file hash
calculation" from Feb 26, 2014, leads to the following static checker
warning:

security/integrity/ima/ima_crypto.c:204 ima_alloc_atfm()
         error: buffer overflow 'hash_algo_name' 17 <= 17

Unlike shash tfm memory, which is allocated on initialization, the
ahash tfm memory allocation is deferred until needed.

This patch fixes the case where ima_ahash_tfm has not yet been
allocated and the file's signature/hash xattr contains an invalid hash
algorithm.  Although we can not verify the xattr, we still need to
measure the file.  Use the default IMA hash algorithm.

Changelog:
- set valid algo before testing tfm - based on Dmitry's comment

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
2014-09-02 17:03:35 -04:00
..
evm evm: prohibit userspace writing 'security.evm' HMAC value 2014-06-12 17:58:07 -04:00
ima ima: fix ima_alloc_atfm() 2014-09-02 17:03:35 -04:00
digsig.c ima: define '.ima' as a builtin 'trusted' keyring 2014-07-17 09:35:17 -04:00
digsig_asymmetric.c ima: read and use signature hash algorithm 2013-10-25 17:16:59 -04:00
iint.c integrity: fix checkpatch errors 2014-03-07 12:15:45 -05:00
integrity.h ima: add support for measuring and appraising firmware 2014-07-25 11:47:46 -07:00
integrity_audit.c Merge git://git.infradead.org/users/eparis/audit 2014-04-12 12:38:53 -07:00
Kconfig integrity: move integrity_audit_msg() 2013-06-20 07:47:49 -04:00
Makefile security: cleanup Makefiles to use standard syntax for specifying sub-directories 2014-02-17 11:08:04 +11:00