ima: prevent buffer overflow in ima_alloc_tfm()
This patch fixes the case where the file's signature/hash xattr contains an invalid hash algorithm. Although we can not verify the xattr, we still need to measure the file. Use the default IMA hash algorithm. Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
parent
9a8d289fbc
commit
23c19e2ca7
|
@ -116,7 +116,10 @@ static struct crypto_shash *ima_alloc_tfm(enum hash_algo algo)
|
|||
struct crypto_shash *tfm = ima_shash_tfm;
|
||||
int rc;
|
||||
|
||||
if (algo != ima_hash_algo && algo < HASH_ALGO__LAST) {
|
||||
if (algo < 0 || algo >= HASH_ALGO__LAST)
|
||||
algo = ima_hash_algo;
|
||||
|
||||
if (algo != ima_hash_algo) {
|
||||
tfm = crypto_alloc_shash(hash_algo_name[algo], 0, 0);
|
||||
if (IS_ERR(tfm)) {
|
||||
rc = PTR_ERR(tfm);
|
||||
|
|
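Review bot: The fallback at `if (algo < 0 || algo >= HASH_ALGO__LAST)` is silent and undocumented, so a file whose xattr names an unknown algorithm is measured with the default hash and nothing records why. A short comment above the check would help, e.g. `/* algo may come from an unverified xattr; use the default rather than index hash_algo_name[] out of range */`, and a rate-limited log line here or in the caller would make malformed xattrs visible to whoever reviews the measurement log. Because `algo` is passed by value, the caller's copy still holds the out-of-range value after this function returns; the callers are outside the hunk, so it is worth checking that none of them index a table with it or label the resulting digest with it. The `algo < 0` arm only has an effect if the compiler gives `enum hash_algo` a signed type, though the upper-bound comparison covers the unsigned case as well. The body of ima_alloc_tfm() continues past the last line shown.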