Re: [PATCH v3 2/2] ima-evm-utils: log unknown keyid's as errors

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Mimi,

On Tue, Jul 23, 2019 at 08:19:46PM -0400, Mimi Zohar wrote:
> On Wed, 2019-07-24 at 02:13 +0300, Vitaly Chikunov wrote:
> > > > > +	tail->next = entry;
> > > > 
> > > > In that case here is SIGSEGV when user try to ima_verify.
> > > 
> > > find_keyid() returns NULL, which is checked before being used.
> > >  There's only one caller of this function.
> > 
> > find_keyid does not return since tail is NULL, thus there is null
> > dereference in `tail->next`.
> > 
> > > Do you have a test case to reproduce this bug?
> > 
> >   ima-evm-utils/tests ((31b5f50...))$ rm sha1.txt
> >   ima-evm-utils/tests ((31b5f50...))$ touch sha1.txt
> >   ima-evm-utils/tests ((31b5f50...))$ evmctl ima_sign -k test-rsa1024.key -a sha1 --xattr-user sha1.txt
> >   ima-evm-utils/tests ((31b5f50...))$ evmctl ima_verify -k /absent --xattr-user sha1.txt
> >   Failed to open keyfile: /absent
> >   Segmentation fault
> > 
> > 31b5f50 is head of your git next branch.
> > 
> > I temporary fixed like this:
> > 
> > -       tail->next = entry;
> > +       if (tail)
> > +               tail->next = entry;
> > +       else
> > +               public_keys = entry;
> 
> I see.  If you don't object, I'll fold this into the original patch. 

Of course.

Thanks,




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux