author | Seth Forshee <seth.forshee@canonical.com> | 2016-08-01 15:19:10 +0200 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2016-11-14 04:50:11 +0100 |
commit | b4bfec7f4a86424b114f94f41c4e1841ec102df3 (patch) | |
tree | 9f4a668c3d28ef3de0743d3dda285829b38a85a3 /security/integrity/digsig.c | |
parent | Doc: security: keys-trusted: drop duplicate blobauth entry (diff) | |
security/integrity: Harden against malformed xattrs
In general the handling of IMA/EVM xattrs is good, but I found
a few locations where either the xattr size or the value of the
type field in the xattr are not checked. Add a few simple checks
to these locations to prevent malformed or malicious xattrs from
causing problems.
Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security/integrity/digsig.c')
-rw-r--r-- | security/integrity/digsig.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c index 4304372b323f..106e855e2d9d 100644 --- a/security/integrity/digsig.c +++ b/security/integrity/digsig.c @@ -51,7 +51,7 @@ static bool init_keyring __initdata; int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen, const char *digest, int digestlen) { - if (id >= INTEGRITY_KEYRING_MAX) + if (id >= INTEGRITY_KEYRING_MAX || siglen < 2) return -EINVAL; if (!keyring[id]) { |
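Review bot: the literal `2` in `siglen < 2` is a magic number with no explanation in the hunk. A one-line comment or a named constant stating which leading bytes of `sig` must be present would make the bound auditable, since the code that actually reads `sig` lies below the visible context. Because `siglen` is declared as a signed `int`, the new test also rejects negative lengths; that is a useful side effect and deserves a mention in the comment so nobody later narrows the check to `siglen == 0` or `siglen == 1`. Placing the length test in the same condition as the `id` range check is fine: both failures return -EINVAL before `keyring[id]` is dereferenced.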