| author | Stefan Berger <stefanb@linux.ibm.com> | 2026-04-16 11:40:37 -0400 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2026-05-13 08:21:18 -0400 |
| commit | 474c78c26744b6921549f0c679b7507a57cfcbb9 (patch) | |
| tree | b7cd64f6f60264013eb6439aa882a6b5783a273a /security | |
| parent | c93a5f038ccc11ed8558ce642f62d5ede701a348 (diff) | |
integrity: Check that algo parameter is within valid range

Check that the algo parameter passed to calc_file_id_hash is within valid
range. Do this in asymmetric_verify_v3 since this value will also be passed
to a hashless signature verification function from here.

Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
Tested-by: Kamlesh Kumar <kam@juniper.net>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/integrity/digsig_asymmetric.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c index a791ad43b3fbb..ed171a627d182 100644 --- a/security/integrity/digsig_asymmetric.c +++ b/security/integrity/digsig_asymmetric.c @@ -139,7 +139,7 @@ out: /* * calc_file_id_hash - calculate the hash of the ima_file_id struct data * @type: xattr type [enum evm_ima_xattr_type] - * @algo: hash algorithm [enum hash_algo] + * @algo: hash algorithm [enum hash_algo]; caller must ensure valid value * @digest: pointer to the digest to be hashed * @hash: (out) pointer to the hash * @@ -187,6 +187,9 @@ int asymmetric_verify_v3(struct key *keyring, const char *sig, int siglen, struct ima_max_digest_data hash; int rc; + if (algo >= HASH_ALGO__LAST) + return -ENOPKG; + rc = calc_file_id_hash(hdr->type, algo, data, &hash); if (rc) return -EINVAL; |
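Review bot: In the first hunk (@@ -139, the kernel-doc for calc_file_id_hash), the new @algo text "caller must ensure valid value" does not say what valid means. Spell out the bound that the caller-side check in the second hunk enforces, for example "must be < HASH_ALGO__LAST", so that any other caller of calc_file_id_hash knows exactly which check it has to perform before passing algo in.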
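Review bot: In the second hunk (@@ -187, asymmetric_verify_v3), the new guard "if (algo >= HASH_ALGO__LAST)" tests only the upper bound, and the declaration of algo is outside the visible lines; if it is a signed type, a negative value would pass this check and still reach calc_file_id_hash. Please confirm the parameter is unsigned or add a lower-bound test. The guard also returns -ENOPKG while a calc_file_id_hash failure two lines below is mapped to -EINVAL, so a short comment on why the two error codes differ would help callers that distinguish them.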
