IMA: reject unknown hash algorithms in ima_get_hash_algo - linux-dev - Linux kernel development work

diff options

author	THOBY Simon <Simon.THOBY@viveris.fr>	2021-08-22 08:55:26 +0000
committer	Mimi Zohar <zohar@linux.ibm.com>	2021-08-23 18:22:00 -0400
commit	cb181da161963eddc9de0000de6ab2c7942be219 (patch)
tree	cf41ca44b1e7b216b75f9ffdc0c13fe776d144e6 /CREDITS
parent	Merge branch 'restrict-digest-alg-v8' into next-integrity (diff)
download	linux-dev-cb181da161963eddc9de0000de6ab2c7942be219.tar.xz linux-dev-cb181da161963eddc9de0000de6ab2c7942be219.zip

IMA: reject unknown hash algorithms in ima_get_hash_algo

The new function validate_hash_algo() assumed that ima_get_hash_algo() always return a valid 'enum hash_algo', but it returned the user-supplied value present in the digital signature without any bounds checks. Update ima_get_hash_algo() to always return a valid hash algorithm, defaulting on 'ima_hash_algo' when the user-supplied value inside the xattr is invalid. Signed-off-by: THOBY Simon <Simon.THOBY@viveris.fr> Reported-by: syzbot+e8bafe7b82c739eaf153@syzkaller.appspotmail.com Fixes: 50f742dd9147 ("IMA: block writes of the security.ima xattr with unsupported algorithms") Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

Diffstat (limited to 'CREDITS')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: