From: Emil Velikov <emil.velikov@xxxxxxxxxxxxx> Currently if we see unknown algorithm, we'll do an OOB read in pkey_hash_algo. This can happen for example if OPENSSL_NO_SM3 is set and the kernel module uses a SM3 hash. Cc: Mikhail Novosyolov <m.novosyolov@xxxxxxxxxxxx> Cc: Lucas De Marchi <lucas.demarchi@xxxxxxxxx> Signed-off-by: Emil Velikov <emil.velikov@xxxxxxxxxxxxx> --- Should probably wire some sanitizers and/or valgrind to the tests. Although I'm not sure if I'll get the time to do so. --- libkmod/libkmod-signature.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/libkmod/libkmod-signature.c b/libkmod/libkmod-signature.c index 092f396..b749a81 100644 --- a/libkmod/libkmod-signature.c +++ b/libkmod/libkmod-signature.c @@ -219,6 +219,7 @@ static bool fill_pkcs7(const char *mem, off_t size, unsigned char *key_id_str; struct pkcs7_private *pvt; const char *issuer_str; + int hash_algo; size -= sig_len; pkcs7_raw = mem + size; @@ -277,7 +278,10 @@ static bool fill_pkcs7(const char *mem, off_t size, X509_ALGOR_get0(&o, NULL, NULL, dig_alg); - sig_info->hash_algo = pkey_hash_algo[obj_to_hash_algo(o)]; + hash_algo = obj_to_hash_algo(o); + if (hash_algo < 0) + goto err3; + sig_info->hash_algo = pkey_hash_algo[hash_algo]; // hash algo has not been recognized if (sig_info->hash_algo == NULL) goto err3; -- 2.39.1
