GitHub-Mirror/linux-bl808
2
0
Fork 0
mirror of https://github.com/Fishwaldo/linux-bl808.git synced 2025-06-17 20:25:19 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

security/integrity: Harden against malformed xattrs

Browse source 
In general the handling of IMA/EVM xattrs is good, but I found
a few locations where either the xattr size or the value of the
type field in the xattr are not checked. Add a few simple checks
to these locations to prevent malformed or malicious xattrs from
causing problems.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
This commit is contained in:
Seth Forshee 2016-08-01 08:19:10 -05:00 committed by Mimi Zohar
parent 5465d02a49
commit b4bfec7f4a
3 changed files with 9 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

4
security/integrity/evm/evm_main.c
View file

@ -145,6 +145,10 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
/* check value type */
switch (xattr_data->type) {
case EVM_XATTR_HMAC:
if (xattr_len != sizeof(struct evm_ima_xattr_data)) {
evm_status = INTEGRITY_FAIL;
goto out;
}
rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
xattr_value_len, calc.digest);
if (rc)