korg/linux
0
0
Fork 0
mirror of https://mirrors.bfsu.edu.cn/git/linux.git synced 2024-11-17 17:24:17 +08:00
Code Issues Packages Projects Releases Wiki Activity
cb181da161
linux/security/integrity
History
THOBY Simon cb181da161 IMA: reject unknown hash algorithms in ima_get_hash_algo 
The new function validate_hash_algo() assumed that ima_get_hash_algo()
always return a valid 'enum hash_algo', but it returned the
user-supplied value present in the digital signature without
any bounds checks.

Update ima_get_hash_algo() to always return a valid hash algorithm,
defaulting on 'ima_hash_algo' when the user-supplied value inside
the xattr is invalid.

Signed-off-by: THOBY Simon <Simon.THOBY@viveris.fr>
Reported-by: syzbot+e8bafe7b82c739eaf153@syzkaller.appspotmail.com
Fixes: 50f742dd91 ("IMA: block writes of the security.ima xattr with unsupported algorithms")
Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2021-08-23 18:22:00 -04:00
..
evm evm: Check xattr size discrepancy between kernel and user 2021-06-21 08:34:21 -04:00
ima IMA: reject unknown hash algorithms in ima_get_hash_algo 2021-08-23 18:22:00 -04:00
platform_certs integrity: Load mokx variables into the blacklist keyring 2021-03-11 16:34:48 +00:00
digsig_asymmetric.c ima: Support EC keys for signature verification 2021-03-26 19:41:59 +11:00
digsig.c ima: enable loading of build time generated key on .ima keyring 2021-04-09 10:40:20 -04:00
iint.c evm: Load EVM key in ima_load_x509() to avoid appraisal 2021-05-21 12:47:04 -04:00
integrity_audit.c integrity: Use current_uid() in integrity_audit_message() 2020-08-31 17:46:50 -04:00
integrity.h crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
Kconfig powerpc: Load firmware trusted keys/hashes into kernel keyring 2019-11-13 00:33:23 +11:00
Makefile powerpc: Load firmware trusted keys/hashes into kernel keyring 2019-11-13 00:33:23 +11:00