security/integrity: Harden against malformed xattrs

In general the handling of IMA/EVM xattrs is good, but I found a few locations where either the xattr size or the value of the type field in the xattr are not checked. Add a few simple checks to these locations to prevent malformed or malicious xattrs from causing problems. Signed-off-by: Seth Forshee <seth.forshee@canonical.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
author: Seth Forshee 2016-08-01 15:19:10 +0200
committer: Mimi Zohar 2016-11-14 04:50:11 +0100
commit: b4bfec7f4a86424b114f94f41c4e1841ec102df3 (patch)
tree: 9f4a668c3d28ef3de0743d3dda285829b38a85a3 /security/integrity/digsig.c
parent: Doc: security: keys-trusted: drop duplicate blobauth entry (diff)
download: kernel-qcow2-linux-b4bfec7f4a86424b114f94f41c4e1841ec102df3.tar.gz
kernel-qcow2-linux-b4bfec7f4a86424b114f94f41c4e1841ec102df3.tar.xz
kernel-qcow2-linux-b4bfec7f4a86424b114f94f41c4e1841ec102df3.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index 4304372b323f..106e855e2d9d 100644
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -51,7 +51,7 @@ static bool init_keyring __initdata;
 int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
 			    const char *digest, int digestlen)
 {
-	if (id >= INTEGRITY_KEYRING_MAX)
+	if (id >= INTEGRITY_KEYRING_MAX || siglen < 2)
 		return -EINVAL;
 
 	if (!keyring[id]) {
author	Seth Forshee	2016-08-01 15:19:10 +0200
committer	Mimi Zohar	2016-11-14 04:50:11 +0100
commit	b4bfec7f4a86424b114f94f41c4e1841ec102df3 (patch)
tree	9f4a668c3d28ef3de0743d3dda285829b38a85a3 /security/integrity/digsig.c
parent	Doc: security: keys-trusted: drop duplicate blobauth entry (diff)
download	kernel-qcow2-linux-b4bfec7f4a86424b114f94f41c4e1841ec102df3.tar.gz kernel-qcow2-linux-b4bfec7f4a86424b114f94f41c4e1841ec102df3.tar.xz kernel-qcow2-linux-b4bfec7f4a86424b114f94f41c4e1841ec102df3.zip