git.baikalelectronics.ru Git - kernel.git/commit

author	Mimi Zohar <zohar@linux.vnet.ibm.com>
	Mon, 28 Jul 2014 11:59:49 +0000 (07:59 -0400)
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>
	Tue, 2 Sep 2014 21:03:35 +0000 (17:03 -0400)
commit	0f265ac622c6b9205b8f77f6b07b500f19669990
tree	d06d101fc0a24619b7b7d8fff2951ac446e7300d	tree \| snapshot
parent	db8700adfec8a49877f962dc0396aff58eedfe92	commit \| diff

ima: fix ima_alloc_atfm()

The patch c3c03a79a32d: "ima: use ahash API for file hash
calculation" from Feb 26, 2014, leads to the following static checker
warning:

security/integrity/ima/ima_crypto.c:204 ima_alloc_atfm()
         error: buffer overflow 'hash_algo_name' 17 <= 17

Unlike shash tfm memory, which is allocated on initialization, the
ahash tfm memory allocation is deferred until needed.

This patch fixes the case where ima_ahash_tfm has not yet been
allocated and the file's signature/hash xattr contains an invalid hash
algorithm.  Although we can not verify the xattr, we still need to
measure the file.  Use the default IMA hash algorithm.

Changelog:
- set valid algo before testing tfm - based on Dmitry's comment

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>