On Thu, 2019-05-16 at 18:12 +0200, Roberto Sassu wrote: > This patch prevents memory access beyond the evm_tfm array by checking the > validity of the index (hash algorithm) passed to init_desc(). The hash > algorithm can be arbitrarily set if the security.ima xattr type is not > EVM_XATTR_HMAC. > > Fixes: 5feeb61183dde ("evm: Allow non-SHA1 digital signatures") > Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxxx> > Cc: stable@xxxxxxxxxxxxxxx Thanks! > --- > security/integrity/evm/evm_crypto.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c > index e11564eb645b..82a38e801ee4 100644 > --- a/security/integrity/evm/evm_crypto.c > +++ b/security/integrity/evm/evm_crypto.c > @@ -89,6 +89,9 @@ static struct shash_desc *init_desc(char type, uint8_t hash_algo) > tfm = &hmac_tfm; > algo = evm_hmac; > } else { > + if (hash_algo >= HASH_ALGO__LAST) > + return ERR_PTR(-EINVAL); > + > tfm = &evm_tfm[hash_algo]; > algo = hash_algo_name[hash_algo]; > }