iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
cb181da161
linux/security
History
THOBY Simon cb181da161 IMA: reject unknown hash algorithms in ima_get_hash_algo 
The new function validate_hash_algo() assumed that ima_get_hash_algo()
always return a valid 'enum hash_algo', but it returned the
user-supplied value present in the digital signature without
any bounds checks.

Update ima_get_hash_algo() to always return a valid hash algorithm,
defaulting on 'ima_hash_algo' when the user-supplied value inside
the xattr is invalid.

Signed-off-by: THOBY Simon <Simon.THOBY@viveris.fr>
Reported-by: syzbot+e8bafe7b82c739eaf153@syzkaller.appspotmail.com
Fixes: 50f742dd91 ("IMA: block writes of the security.ima xattr with unsupported algorithms")
Reviewed-by: Lakshmi Ramasubramanian <nramas@linux.microsoft.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2021-08-23 18:22:00 -04:00
..
apparmor apparmor: use get_unaligned() only for multi-byte words 2021-05-17 13:30:29 +02:00
bpf bpf: Implement task local storage 2020-11-06 08:08:37 -08:00
integrity IMA: reject unknown hash algorithms in ima_get_hash_algo 2021-08-23 18:22:00 -04:00
keys trusted-keys: match tpm_get_ops on all return paths 2021-05-12 22:36:37 +03:00
landlock landlock: Enable user space to infer supported features 2021-04-22 12:22:11 -07:00
loadpin LSM: Add "contents" flag to kernel_read_file hook 2020-10-05 13:37:03 +02:00
lockdown Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2020-06-02 17:36:24 -07:00
safesetid LSM: SafeSetID: Mark safesetid_initialized as __initdata 2021-06-10 09:52:32 -07:00
selinux ima: Add digest and digest_len params to the functions to measure a buffer 2021-07-23 09:27:02 -04:00
smack Smack: fix doc warning 2021-06-08 10:23:08 -07:00
tomoyo tomoyo: fix doc warnings 2021-06-16 00:01:28 +09:00
yama task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
commoncap.c Miscellaneous minor fixes for v5.13. 2021-04-27 19:32:55 -07:00
device_cgroup.c device_cgroup: Fix RCU list debugging warning 2020-08-20 11:25:03 -07:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
Kconfig landlock: Set up the security framework and manage credentials 2021-04-22 12:22:10 -07:00
Kconfig.hardening kasan: remove redundant config option 2021-04-16 16:10:36 -07:00
lsm_audit.c audit: remove unnecessary 'ret' initialization 2021-06-11 13:21:28 -04:00
Makefile landlock: Add object management 2021-04-22 12:22:10 -07:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c selinux/stable-5.14 PR 20210629 2021-06-30 14:55:42 -07:00