security/integrity: Harden against malformed xattrs

In general the handling of IMA/EVM xattrs is good, but I found
a few locations where either the xattr size or the value of the
type field in the xattr are not checked. Add a few simple checks
to these locations to prevent malformed or malicious xattrs from
causing problems.

Signed-off-by: Seth Forshee <seth.forshee@canonical.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c
index 4304372b323f76ac63c632c71c9b0bef7625490d..106e855e2d9d16933c6a5d6f39a1ead65143c40b 100644 (file)
--- a/security/integrity/digsig.c
+++ b/security/integrity/digsig.c
@@ -51,7 +51,7 @@ static bool init_keyring __initdata;
 int integrity_digsig_verify(const unsigned int id, const char *sig, int siglen,
                            const char *digest, int digestlen)
 {
-       if (id >= INTEGRITY_KEYRING_MAX)
+       if (id >= INTEGRITY_KEYRING_MAX || siglen < 2)
                return -EINVAL;
 
        if (!keyring[id]) {

diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index ba8615576d4da93fb3185edfd57e7ebb7ede123b..e2ed498c0f5f59e12a36219b4886b1ea8323e368 100644 (file)
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -145,6 +145,10 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
        /* check value type */
        switch (xattr_data->type) {
        case EVM_XATTR_HMAC:
+               if (xattr_len != sizeof(struct evm_ima_xattr_data)) {
+                       evm_status = INTEGRITY_FAIL;
+                       goto out;
+               }
                rc = evm_calc_hmac(dentry, xattr_name, xattr_value,
                                   xattr_value_len, calc.digest);
                if (rc)

diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index a705598ced5ff26e40f0299e845c807f0a2b175e..1fd9539a969dce20d292c70885758945be84acdd 100644 (file)
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -130,6 +130,7 @@ enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
                                 int xattr_len)
 {
        struct signature_v2_hdr *sig;
+       enum hash_algo ret;
 
        if (!xattr_value || xattr_len < 2)
                /* return default hash algo */
@@ -143,7 +144,9 @@ enum hash_algo ima_get_hash_algo(struct evm_ima_xattr_data *xattr_value,
                return sig->hash_algo;
                break;
        case IMA_XATTR_DIGEST_NG:
-               return xattr_value->digest[0];
+               ret = xattr_value->digest[0];
+               if (ret < HASH_ALGO__LAST)
+                       return ret;
                break;
        case IMA_XATTR_DIGEST:
                /* this is for backward compatibility */