releases/4.19.49/evm-check-hash-algorithm-passed-to-init_desc.patch

   1 From 221be106d75c1b511973301542f47d6000d0b63e Mon Sep 17 00:00:00 2001
   2 From: Roberto Sassu <roberto.sassu@huawei.com>
   3 Date: Wed, 29 May 2019 15:30:33 +0200
   4 Subject: evm: check hash algorithm passed to init_desc()
   5
   6 From: Roberto Sassu <roberto.sassu@huawei.com>
   7
   8 commit 221be106d75c1b511973301542f47d6000d0b63e upstream.
   9
  10 This patch prevents memory access beyond the evm_tfm array by checking the
  11 validity of the index (hash algorithm) passed to init_desc(). The hash
  12 algorithm can be arbitrarily set if the security.ima xattr type is not
  13 EVM_XATTR_HMAC.
  14
  15 Fixes: 5feeb61183dde ("evm: Allow non-SHA1 digital signatures")
  16 Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
  17 Cc: stable@vger.kernel.org
  18 Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
  19 Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
  20
  21 ---
  22  security/integrity/evm/evm_crypto.c |    3 +++
  23  1 file changed, 3 insertions(+)
  24
  25 --- a/security/integrity/evm/evm_crypto.c
  26 +++ b/security/integrity/evm/evm_crypto.c
  27 @@ -89,6 +89,9 @@ static struct shash_desc *init_desc(char
  28                 tfm = &hmac_tfm;
  29                 algo = evm_hmac;
  30         } else {
  31 +               if (hash_algo >= HASH_ALGO__LAST)
  32 +                       return ERR_PTR(-EINVAL);
  33 +
  34                 tfm = &evm_tfm[hash_algo];
  35                 algo = hash_algo_name[hash_algo];
  36         }