Re: [PATCH v2 ima-evm-utils 2/3] Sign an fs-verity file digest

On Thu, 2022-05-12 at 17:48 -0400, Stefan Berger wrote:
> > -             /* find the end of the hash */
> > -             token = strpbrk(line, ", \t");
> > -             hashlen = token ? token - line : strlen(line);
> > +             /*
> > +              * Before either directly or indirectly signing the hash,
> > +              * convert the hex-ascii hash representation to binary.
> > +              */
> > +             if (veritysig) {
> > +
> > +                     /* split the algorithm from the hash */
> > +                     hashp = strpbrk(line, ":");
> > +                     if (!hashp) {   /* pointer to the delimiter */
> > +                             log_err("Missing fsverity hash algorithm\n");
> > +                             continue;
> > +                     }
> > +
> > +                     algolen = hashp - line;
> > +                     if (algolen > sizeof(algo))
> > +                             algolen = sizeof(algo);
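
Review bot: The clamp `if (algolen > sizeof(algo)) algolen = sizeof(algo);` lets a name of sizeof(algo) bytes or more fill the whole buffer, which leaves no room for a terminating NUL if algo is later handled as a C string (the copy itself is not visible in this hunk). Suggest testing `algolen >= sizeof(algo)` and taking the same log_err() plus continue path as the missing-delimiter case instead of clipping. Two smaller points: a line that starts with ':' passes the `!hashp` check with algolen 0 and should be rejected as well, and the `/* pointer to the delimiter */` comment belongs on the strpbrk() line rather than on the `if (!hashp)` test.
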
> 
> I think a hash name exceeding the max buffer size and needing to be
> truncated should be an error since the name to index conversion will
> fail later on.

Sure.  In fact, the hash algorithm name size should be limited to the
maximum size of those algorithms that fs-verity actually supports.

thanks,

Mimi
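
Added example, not part of the original message or of ima-evm-utils: one way to parse an `<algo>:<hex digest>` line so that an over-long algorithm name is rejected rather than truncated, and only allow-listed names are accepted. The helper `parse_verity_line`, the `algos` table (sha256 and sha512 assumed as the fs-verity set) and the sample input are assumptions made for illustration.

```c
#include <string.h>

/* Assumed allow-list: hash algorithms fs-verity supports, digest size in bytes. */
struct verity_algo { const char *name; size_t len; };
static const struct verity_algo algos[] = { { "sha256", 32 }, { "sha512", 64 } };

static int hexval(char c)
{
	if (c >= '0' && c <= '9') return c - '0';
	if (c >= 'a' && c <= 'f') return c - 'a' + 10;
	if (c >= 'A' && c <= 'F') return c - 'A' + 10;
	return -1;
}

/* Hypothetical helper: returns the binary digest length, or -1 on malformed input. */
static int parse_verity_line(const char *line, const char **algo,
			     unsigned char *digest, size_t size)
{
	const char *sep = strchr(line, ':');
	size_t i, n, algolen, hexlen;
	if (!sep || sep == line)
		return -1;			/* missing or empty algorithm name */
	algolen = (size_t)(sep - line);
	hexlen = strcspn(sep + 1, ", \t\r\n");	/* find the end of the hash */
	for (i = 0; i < sizeof(algos) / sizeof(algos[0]); i++) {
		const struct verity_algo *a = &algos[i];
		/* Exact-length compare: an over-long name fails, it is not clipped. */
		if (strlen(a->name) != algolen || memcmp(line, a->name, algolen))
			continue;
		if (hexlen != 2 * a->len || a->len > size)
			return -1;		/* digest must match the algorithm */
		for (n = 0; n < a->len; n++) {
			int hi = hexval(sep[1 + 2 * n]), lo = hexval(sep[2 + 2 * n]);
			if (hi < 0 || lo < 0)
				return -1;	/* non-hex character */
			digest[n] = (unsigned char)((hi << 4) | lo);
		}
		*algo = a->name;
		return (int)a->len;
	}
	return -1;				/* unknown or over-long algorithm name */
}

int main(void)
{
	const char *algo, *line = "sha256sha256sha256:00"; /* constructed: over-long name */
	unsigned char d[64];
	return parse_verity_line(line, &algo, d, sizeof(d)) != -1;
}
```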



