mirror of https://git.code.sf.net/p/linux-ima/ima-evm-utils synced 2025-07-02 13:43:16 +02:00

ima-evm-utils: Do not allow fallback and unknown hash algos

Falling back and permissiveness could have security implications.

Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Vitaly Chikunov
2019-07-25 09:13:05 +03:00
committed by Mimi Zohar
parent 31ceff7eb6
commit 25fce6e76a
2 changed files with 9 additions and 2 deletions

@ -584,6 +584,10 @@ static int hash_ima(const char *file)
int len, err, offset;
int algo = get_hash_algo(params.hash_algo);
if (algo < 0) {
log_err("Unknown hash algo: %s\n", params.hash_algo);
return -1;
}
if (algo > PKEY_HASH_SHA1) {
hash[0] = IMA_XATTR_DIGEST_NG;
hash[1] = algo;
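
Review bot: The new guard in hash_ima() rejects only `algo < 0`, yet a few lines later `hash[1] = algo;` stores the value with no upper-bound check. Since the stated goal is to refuse unknown algorithms, either add an upper-bound check next to the new one or add a short comment saying that get_hash_algo() returns a negative value for every name it does not recognise, so the contract this code relies on is explicit. The error path returns -1 after log_err(), which is fine as long as callers of hash_ima() treat a negative return as fatal and do not continue with an uninitialised hash buffer; the visible lines do not show that.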