]>
Commit | Line | Data |
---|---|---|
95244f99 GKH |
1 | From foo@baz Wed Dec 6 17:39:55 CET 2017 |
2 | From: Boshi Wang <wangboshi@huawei.com> | |
3 | Date: Fri, 20 Oct 2017 16:01:03 +0800 | |
4 | Subject: ima: fix hash algorithm initialization | |
5 | ||
6 | From: Boshi Wang <wangboshi@huawei.com> | |
7 | ||
8 | ||
9 | [ Upstream commit ebe7c0a7be92bbd34c6ff5b55810546a0ee05bee ] | |
10 | ||
11 | The hash_setup function always sets the hash_setup_done flag, even | |
12 | when the hash algorithm is invalid. This prevents the default hash | |
13 | algorithm defined as CONFIG_IMA_DEFAULT_HASH from being used. | |
14 | ||
15 | This patch sets hash_setup_done flag only for valid hash algorithms. | |
16 | ||
17 | Fixes: e7a2ad7eb6f4 "ima: enable support for larger default filedata hash algorithms" | |
18 | Signed-off-by: Boshi Wang <wangboshi@huawei.com> | |
19 | Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com> | |
20 | Signed-off-by: Sasha Levin <alexander.levin@verizon.com> | |
21 | Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | |
22 | --- | |
23 | security/integrity/ima/ima_main.c | 4 ++++ | |
24 | 1 file changed, 4 insertions(+) | |
25 | ||
26 | --- a/security/integrity/ima/ima_main.c | |
27 | +++ b/security/integrity/ima/ima_main.c | |
28 | @@ -51,6 +51,8 @@ static int __init hash_setup(char *str) | |
29 | ima_hash_algo = HASH_ALGO_SHA1; | |
30 | else if (strncmp(str, "md5", 3) == 0) | |
31 | ima_hash_algo = HASH_ALGO_MD5; | |
32 | + else | |
33 | + return 1; | |
34 | goto out; | |
35 | } | |
36 | ||
37 | @@ -60,6 +62,8 @@ static int __init hash_setup(char *str) | |
38 | break; | |
39 | } | |
40 | } | |
41 | + if (i == HASH_ALGO__LAST) | |
42 | + return 1; | |
43 | out: | |
44 | hash_setup_done = 1; | |
45 | return 1; |