Commit 4a2f6e98 authored by Zhang Tianxing's avatar Zhang Tianxing Committed by zgzxx
Browse files

ima: don't allow control characters in policy path 

euleros inclusion
category: feature
bugzilla: https://gitee.com/openeuler/kernel/issues/I91FSN


CVE: NA

-----------------------------------------------------------------

Expected error message `ima: Unable to open file:` can be overwritten
when the uploaded path contains control characters like `\r` or `\b`.
Therefore, When an invalid path (which contains control characters) is
uploaded through SecurityFS, unexpected logs can be printed to dmesg.

This patch rejects policy paths with control characters.

Signed-off-by: default avatarZhang Tianxing <zhangtianxing3@huawei.com>
Reviewed-by: default avatarRoberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
Signed-off-by: default avatarzhoushuiqing <zhoushuiqing2@huawei.com>
Signed-off-by: default avatarzhangguangzhi <zhangguangzhi3@huawei.com>
parent 96fdcd7b

security/integrity/ima/ima_efi.c

+3 −0
Original line number Diff line number Diff line
@@ -6,6 +6,9 @@ 
#include <linux/module.h>

#include <linux/ima.h>

#include <asm/efi.h>

#ifdef CONFIG_IMA_DIGEST_LIST

#include <linux/ctype.h>

#endif



#ifndef arch_ima_efi_boot_mode

#define arch_ima_efi_boot_mode efi_secureboot_mode_unset

security/integrity/ima/ima_fs.c

+11 −0
Original line number Diff line number Diff line
@@ -24,6 +24,7 @@ 


#ifdef CONFIG_IMA_DIGEST_LIST

#include <linux/file.h>

#include <linux/ctype.h>

#endif

#include "ima.h"

#ifdef CONFIG_IMA_DIGEST_LIST
@@ -427,6 +428,7 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf, 
	ssize_t result;

#ifdef CONFIG_IMA_DIGEST_LIST

	struct dentry *dentry = file_dentry(file);

	int i;

#endif



#ifndef CONFIG_IMA_DIGEST_LIST
@@ -468,6 +470,15 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf, 


	if (data[0] == '/') {

#ifdef CONFIG_IMA_DIGEST_LIST

		for (i = 0; data[i] != '\n' && data[i] != '\0'; i++) {

			if (iscntrl(data[i])) {

				pr_err_once("invalid path (control characters are not allowed)\n");

				result = -EINVAL;

				mutex_unlock(&ima_write_mutex);

				goto out_free;

			}

		}



		result = ima_read_file(data, dentry);

	} else if (dentry == ima_policy) {

		if (ima_appraise & IMA_APPRAISE_POLICY) {