diff options
author | Roberto Sassu <roberto.sassu@huawei.com> | 2020-09-04 12:23:30 +0300 |
---|---|---|
committer | Mimi Zohar <zohar@linux.ibm.com> | 2020-09-15 20:47:42 +0300 |
commit | 455b6c9112eff8d249e32ba165742085678a80a4 (patch) | |
tree | faed71382cd53d9bcd78a58328cdb1430c67b64c /security | |
parent | 4be92db3b5667f3a5c874a04635b037dc5e3f373 (diff) | |
download | linux-455b6c9112eff8d249e32ba165742085678a80a4.tar.xz |
evm: Check size of security.evm before using it
This patch checks the size for the EVM_IMA_XATTR_DIGSIG and
EVM_XATTR_PORTABLE_DIGSIG types to ensure that the algorithm is read from
the buffer returned by vfs_getxattr_alloc().
Cc: stable@vger.kernel.org # 4.19.x
Fixes: 5feeb61183dde ("evm: Allow non-SHA1 digital signatures")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/evm/evm_main.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 6ae00fee1d34..76d19146d74b 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -184,6 +184,12 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry, break; case EVM_IMA_XATTR_DIGSIG: case EVM_XATTR_PORTABLE_DIGSIG: + /* accept xattr with non-empty signature field */ + if (xattr_len <= sizeof(struct signature_v2_hdr)) { + evm_status = INTEGRITY_FAIL; + goto out; + } + hdr = (struct signature_v2_hdr *)xattr_data; digest.hdr.algo = hdr->hash_algo; rc = evm_calc_hash(dentry, xattr_name, xattr_value, |