From 9a8d289fbcb7dfd1fc74959e9930b406e76b2002 Mon Sep 17 00:00:00 2001 From: Mimi Zohar Date: Mon, 28 Jul 2014 07:59:49 -0400 Subject: ima: fix ima_alloc_atfm() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The patch 3bcced39ea7d: "ima: use ahash API for file hash calculation" from Feb 26, 2014, leads to the following static checker warning: security/integrity/ima/ima_crypto.c:204 ima_alloc_atfm()          error: buffer overflow 'hash_algo_name' 17 <= 17 Unlike shash tfm memory, which is allocated on initialization, the ahash tfm memory allocation is deferred until needed. This patch fixes the case where ima_ahash_tfm has not yet been allocated and the file's signature/hash xattr contains an invalid hash algorithm. Although we can not verify the xattr, we still need to measure the file. Use the default IMA hash algorithm. Changelog: - set valid algo before testing tfm - based on Dmitry's comment Reported-by: Dan Carpenter Signed-off-by: Mimi Zohar Signed-off-by: Dmitry Kasatkin --- security/integrity/ima/ima_crypto.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'security/integrity/ima/ima_crypto.c')
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index 0bd732843fe..2d103dc13d9 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -200,7 +200,10 @@ static struct crypto_ahash *ima_alloc_atfm(enum hash_algo algo)
 struct crypto_ahash *tfm = ima_ahash_tfm;
 int rc;
- if ((algo != ima_hash_algo && algo < HASH_ALGO__LAST) || !tfm) {
+ if (algo < 0 || algo >= HASH_ALGO__LAST)
+ algo = ima_hash_algo;
+
+ if (algo != ima_hash_algo || !tfm) {
 tfm = crypto_alloc_ahash(hash_algo_name[algo], 0, 0);
 if (!IS_ERR(tfm)) {
 if (algo == ima_hash_algo)
-- cgit v1.2.3-70-g09d2
From 23c19e2ca736722a9523b64b07cda7efab7b6c57 Mon Sep 17 00:00:00 2001
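Review bot: The clamp added at the top of ima_alloc_atfm() replaces an out-of-range `algo` with `ima_hash_algo` without any comment in the code, and only the commit message says the value can come from a file's signature/hash xattr. I would put a comment above it, for example `/* algo may come from an unverified xattr: measure with the default hash instead of indexing past hash_algo_name[] */`. The `algo < 0` half relies on the compiler giving `enum hash_algo` a signed type; if the type is unsigned that test is always false and the `>=` test does all the work, so a single `(unsigned int)algo >= HASH_ALGO__LAST` would state the intent without that dependency. The same two lines are added to ima_alloc_tfm() in the next patch on this page and the point applies there too; a small shared helper would keep the two checks from drifting apart. The function body continues outside the hunk.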
From: Dmitry Kasatkin Date: Fri, 15 Aug 2014 13:28:52 +0300 Subject: ima: prevent buffer overflow in ima_alloc_tfm() This patch fixes the case where the file's signature/hash xattr contains an invalid hash algorithm. Although we can not verify the xattr, we still need to measure the file. Use the default IMA hash algorithm. Signed-off-by: Dmitry Kasatkin Signed-off-by: Mimi Zohar --- security/integrity/ima/ima_crypto.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'security/integrity/ima/ima_crypto.c')
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index 2d103dc13d9..1178b307d56 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -116,7 +116,10 @@ static struct crypto_shash *ima_alloc_tfm(enum hash_algo algo)
 struct crypto_shash *tfm = ima_shash_tfm;
 int rc;
- if (algo != ima_hash_algo && algo < HASH_ALGO__LAST) {
+ if (algo < 0 || algo >= HASH_ALGO__LAST)
+ algo = ima_hash_algo;
+
+ if (algo != ima_hash_algo) {
 tfm = crypto_alloc_shash(hash_algo_name[algo], 0, 0);
 if (IS_ERR(tfm)) {
 rc = PTR_ERR(tfm);
-- cgit v1.2.3-70-g09d2
From 27cd1fc3ae5374a4a86662c67033f15ef27b2461 Mon Sep 17 00:00:00 2001 From: Dmitry Kasatkin Date: Mon, 23 Jun 2014 20:32:56 +0300 Subject: ima: fix fallback to use new_sync_read() 3.16 commit aad4f8bb42af06371aa0e85bf0cd9d52c0494985 'switch simple generic_file_aio_read() users to ->read_iter()' replaced ->aio_read with ->read_iter in most of the file systems and introduced new_sync_read() as a replacement for do_sync_read(). Most of file systems set '->read' and ima_kernel_read is not affected. When ->read is not set, this patch adopts fallback call changes from the vfs_read. Signed-off-by: Dmitry Kasatkin Signed-off-by: Mimi Zohar Cc: 3.16+ --- security/integrity/ima/ima_crypto.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'security/integrity/ima/ima_crypto.c')
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index 1178b307d56..3b26472fbf0 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -80,19 +80,19 @@ static int ima_kernel_read(struct file *file, loff_t offset,
 {
 mm_segment_t old_fs;
 char __user *buf = addr;
- ssize_t ret;
+ ssize_t ret = -EINVAL;
 if (!(file->f_mode & FMODE_READ))
 return -EBADF;
- if (!file->f_op->read && !file->f_op->aio_read)
- return -EINVAL;
 old_fs = get_fs();
 set_fs(get_ds());
 if (file->f_op->read)
 ret = file->f_op->read(file, buf, count, &offset);
- else
+ else if (file->f_op->aio_read)
 ret = do_sync_read(file, buf, count, &offset);
+ else if (file->f_op->read_iter)
+ ret = new_sync_read(file, buf, count, &offset);
 set_fs(old_fs);
 return ret;
 }
-- cgit v1.2.3-70-g09d2
From e4a9c5196566bd47ac92f6e5ef7f48412ded7176 Mon Sep 17 00:00:00 2001 From: Dmitry Kasatkin Date: Wed, 3 Sep 2014 10:19:58 +0300 Subject: ima: add missing '__init' keywords Add missing keywords to the function definition to cleanup to discard initialization code. Signed-off-by: Dmitry Kasatkin Reviewed-by: Roberto Sassu Signed-off-by: Mimi Zohar --- security/integrity/ima/ima.h | 2 -- security/integrity/ima/ima_crypto.c | 2 +- security/integrity/ima/ima_template.c | 4 ++-- 3 files changed, 3 insertions(+), 5 deletions(-) (limited to 'security/integrity/ima/ima_crypto.c')
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index c6990a723f7..8e4bb883fc1 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -107,8 +107,6 @@ void ima_print_digest(struct seq_file *m, u8 *digest, int size);
 struct ima_template_desc *ima_template_desc_current(void);
 int ima_init_template(void);
-int ima_init_template(void);
-
 /*
 * used to protect h_table and sha_table
 */
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index 3b26472fbf0..d34e7dfc111 100644
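Review bot: In the ima_kernel_read() hunk the -EINVAL result for a file with no read method now comes only from the initializer of `ret`, and `set_fs(get_ds())` is reached even when none of `->read`, `->aio_read` or `->read_iter` is set. Keeping the early guard and extending it to the new method would avoid lifting the address limit when there is nothing to call, and it keeps the error path explicit: `if (!file->f_op->read && !file->f_op->aio_read && !file->f_op->read_iter) return -EINVAL;`. Separately, `ret` is `ssize_t` while the hunk header shows the function returning `int`, so a one-line comment on the expected bound of `count` would help the next reader. The parameter list is cut off in the hunk header, so that last point is inferred.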
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -97,7 +97,7 @@ static int ima_kernel_read(struct file *file, loff_t offset,
 return ret;
 }
-int ima_init_crypto(void)
+int __init ima_init_crypto(void)
 {
 long rc;
diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
index a076a967ec4..f6826066ff0 100644
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -152,7 +152,7 @@ out:
 return result;
 }
-static int init_defined_templates(void)
+static int __init init_defined_templates(void)
 {
 int i = 0;
 int result = 0;
@@ -178,7 +178,7 @@ struct ima_template_desc *ima_template_desc_current(void)
 return ima_template;
 }
-int ima_init_template(void)
+int __init ima_init_template(void)
 {
 int result;
-- cgit v1.2.3-70-g09d2