diff options
| author | Roberto Sassu <roberto.sassu@huawei.com> | 2020-09-04 11:23:30 +0200 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2020-11-01 12:47:08 +0100 |
| commit | 7ee1fb69260b226758cf22c597a42af97ebd6061 (patch) | |
| tree | a212cc7bd88714c40c737899328daab2d26d2834 | |
| parent | ac35c640f1c251079e017df3ec8ec6fa2ba7eb4b (diff) | |
| download | linux-stable-7ee1fb69260b226758cf22c597a42af97ebd6061.tar.gz linux-stable-7ee1fb69260b226758cf22c597a42af97ebd6061.tar.bz2 linux-stable-7ee1fb69260b226758cf22c597a42af97ebd6061.zip | |
evm: Check size of security.evm before using it
commit 455b6c9112eff8d249e32ba165742085678a80a4 upstream.
This patch checks the size for the EVM_IMA_XATTR_DIGSIG and
EVM_XATTR_PORTABLE_DIGSIG types to ensure that the algorithm is read from
the buffer returned by vfs_getxattr_alloc().
Cc: stable@vger.kernel.org # 4.19.x
Fixes: 5feeb61183dde ("evm: Allow non-SHA1 digital signatures")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
| -rw-r--r-- | security/integrity/evm/evm_main.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 0d36259b690d..e4b47759ba1c 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -181,6 +181,12 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry, break; case EVM_IMA_XATTR_DIGSIG: case EVM_XATTR_PORTABLE_DIGSIG: + /* accept xattr with non-empty signature field */ + if (xattr_len <= sizeof(struct signature_v2_hdr)) { + evm_status = INTEGRITY_FAIL; + goto out; + } + hdr = (struct signature_v2_hdr *)xattr_data; digest.hdr.algo = hdr->hash_algo; rc = evm_calc_hash(dentry, xattr_name, xattr_value, |