[thirdparty/kernel/stable-queue.git] / releases / 4.9.68 / ima-fix-hash-algorithm-initialization.patch

From foo@baz Wed Dec  6 17:39:55 CET 2017
From: Boshi Wang <wangboshi@huawei.com>
Date: Fri, 20 Oct 2017 16:01:03 +0800
Subject: ima: fix hash algorithm initialization

From: Boshi Wang <wangboshi@huawei.com>


[ Upstream commit ebe7c0a7be92bbd34c6ff5b55810546a0ee05bee ]

The hash_setup function always sets the hash_setup_done flag, even
when the hash algorithm is invalid.  This prevents the default hash
algorithm defined as CONFIG_IMA_DEFAULT_HASH from being used.

This patch sets hash_setup_done flag only for valid hash algorithms.

Fixes: e7a2ad7eb6f4 "ima: enable support for larger default filedata hash algorithms"
Signed-off-by: Boshi Wang <wangboshi@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---
 security/integrity/ima/ima_main.c |    4 ++++
 1 file changed, 4 insertions(+)

--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -51,6 +51,8 @@ static int __init hash_setup(char *str)
 			ima_hash_algo = HASH_ALGO_SHA1;
 		else if (strncmp(str, "md5", 3) == 0)
 			ima_hash_algo = HASH_ALGO_MD5;
+		else
+			return 1;
 		goto out;
 	}
 
@@ -60,6 +62,8 @@ static int __init hash_setup(char *str)
 			break;
 		}
 	}
+	if (i == HASH_ALGO__LAST)
+		return 1;
 out:
 	hash_setup_done = 1;
 	return 1;
Commit	Line	Data
95244f99 GKH	1	From foo@baz Wed Dec 6 17:39:55 CET 2017
	2	From: Boshi Wang <wangboshi@huawei.com>
	3	Date: Fri, 20 Oct 2017 16:01:03 +0800
	4	Subject: ima: fix hash algorithm initialization
	5
	6	From: Boshi Wang <wangboshi@huawei.com>
	7
	8
	9	[ Upstream commit ebe7c0a7be92bbd34c6ff5b55810546a0ee05bee ]
	10
	11	The hash_setup function always sets the hash_setup_done flag, even
	12	when the hash algorithm is invalid. This prevents the default hash
	13	algorithm defined as CONFIG_IMA_DEFAULT_HASH from being used.
	14
	15	This patch sets hash_setup_done flag only for valid hash algorithms.
	16
	17	Fixes: e7a2ad7eb6f4 "ima: enable support for larger default filedata hash algorithms"
	18	Signed-off-by: Boshi Wang <wangboshi@huawei.com>
	19	Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
	20	Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
	21	Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	22	---
	23	security/integrity/ima/ima_main.c \| 4 ++++
	24	1 file changed, 4 insertions(+)
	25
	26	--- a/security/integrity/ima/ima_main.c
	27	+++ b/security/integrity/ima/ima_main.c
	28	@@ -51,6 +51,8 @@ static int __init hash_setup(char *str)
	29	ima_hash_algo = HASH_ALGO_SHA1;
	30	else if (strncmp(str, "md5", 3) == 0)
	31	ima_hash_algo = HASH_ALGO_MD5;
	32	+ else
	33	+ return 1;
	34	goto out;
	35	}
	36
	37	@@ -60,6 +62,8 @@ static int __init hash_setup(char *str)
	38	break;
	39	}
	40	}
	41	+ if (i == HASH_ALGO__LAST)
	42	+ return 1;
	43	out:
	44	hash_setup_done = 1;
	45	return 1;