evm: check hash algorithm passed to init_desc()

This patch prevents memory access beyond the evm_tfm array by checking the validity of the index (hash algorithm) passed to init_desc(). The hash algorithm can be arbitrarily set if the security.ima xattr type is not EVM_XATTR_HMAC. Fixes: 5feeb61183dde ("evm: Allow non-SHA1 digital signatures") Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Cc: stable@vger.kernel.org Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
author: Roberto Sassu <roberto.sassu@huawei.com> 2019-05-29 15:30:33 +0200
committer: Mimi Zohar <zohar@linux.ibm.com> 2019-05-29 23:18:25 -0400
commit: 221be106d75c1b511973301542f47d6000d0b63e (patch)
tree: 18f8246e67943de8fc8f5d9ebe2fcb927b8ed391 /security
parent: f40019475bbbe9b455e7fd4385fcf13896c492ca (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index e11564eb645b..82a38e801ee4 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -89,6 +89,9 @@ static struct shash_desc *init_desc(char type, uint8_t hash_algo)
 		tfm = &hmac_tfm;
 		algo = evm_hmac;
 	} else {
+		if (hash_algo >= HASH_ALGO__LAST)
+			return ERR_PTR(-EINVAL);
+
 		tfm = &evm_tfm[hash_algo];
 		algo = hash_algo_name[hash_algo];
 	}
author	Roberto Sassu <roberto.sassu@huawei.com>	2019-05-29 15:30:33 +0200
committer	Mimi Zohar <zohar@linux.ibm.com>	2019-05-29 23:18:25 -0400
commit	221be106d75c1b511973301542f47d6000d0b63e (patch)
tree	18f8246e67943de8fc8f5d9ebe2fcb927b8ed391 /security
parent	f40019475bbbe9b455e7fd4385fcf13896c492ca (diff)