Skip to content
Commit cb181da1 authored by THOBY Simon's avatar THOBY Simon Committed by Mimi Zohar
Browse files

IMA: reject unknown hash algorithms in ima_get_hash_algo 



The new function validate_hash_algo() assumed that ima_get_hash_algo()
always return a valid 'enum hash_algo', but it returned the
user-supplied value present in the digital signature without
any bounds checks.

Update ima_get_hash_algo() to always return a valid hash algorithm,
defaulting on 'ima_hash_algo' when the user-supplied value inside
the xattr is invalid.

Signed-off-by: default avatarTHOBY Simon <Simon.THOBY@viveris.fr>
Reported-by: default avatar <syzbot+e8bafe7b82c739eaf153@syzkaller.appspotmail.com>
Fixes: 50f742dd ("IMA: block writes of the security.ima xattr with unsupported algorithms")
Reviewed-by: default avatarLakshmi Ramasubramanian <nramas@linux.microsoft.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
parent d07eeeb8
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment