Hi Samasth,
On Thu, 2024-06-20 at 12:46 -0700, Samasth Norway Ananda wrote:
> Function ima_eventdigest_init() can call ima_eventdigest_init_common()
> with HASH_ALGO__LAST which is then used to access the array
> hash_digest_size[] leading to buffer overrun. Have a conditional
> statement to handle this.
The original 'ima' template ("d|n") digest is not prefixed with the digest
algorithm, since it is hard coded to sha1. ima_eventdigest_init() intentionally
calls ima_eventdigest_init_common() with HASH_ALGO__LAST. To avoid ...
>
> Fixes: 9fab303a2cb3 ("ima: fix violation measurement list record")
> Signed-off-by: Samasth Norway Ananda <samasth.norway.ananda@xxxxxxxxxx>
> ---
> security/integrity/ima/ima_template_lib.c | 8 ++++++--
> 1 file changed, 6 insertions(+), 2 deletions(-)
>
> diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c
> index 4183956c53af..14c000fe8312 100644
> --- a/security/integrity/ima/ima_template_lib.c
> +++ b/security/integrity/ima/ima_template_lib.c
> @@ -320,13 +320,17 @@ static int ima_eventdigest_init_common(const u8 *digest, u32 digestsize,
>
> if (digest)
Please add a brace after "digest" and before "else".
Refer to the section titled "3) Placing Braces and Spaces" in "
https://www.kernel.org/doc/html/v4.10/process/coding-style.html.
> memcpy(buffer + offset, digest, digestsize);
> - else
> + else {
> /*
> * If digest is NULL, the event being recorded is a violation.
> * Make room for the digest by increasing the offset by the
> * hash algorithm digest size.
> */
Please update the comment to reflect the case when the hash algorithm isn't
specified.
> - offset += hash_digest_size[hash_algo];
> + if (hash_algo < HASH_ALGO__LAST)
> + offset += hash_digest_size[hash_algo];
> + else
> + offset += IMA_DIGEST_SIZE;
> + }
>
> return ima_write_template_field_data(buffer, offset + digestsize,
> fmt, field_data);
Please fix the other scripts/checkpatch.pl complaints.
thanks,
Mimi
