lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <08bd9fcb-d3ba-e76e-928e-f569e8a4be74@linux.vnet.ibm.com>
Date:   Tue, 23 May 2017 16:48:44 -0400
From:   Ken Goldman <kgold@...ux.vnet.ibm.com>
To:     linux-ima-devel@...ts.sourceforge.net
Cc:     linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [Linux-ima-devel] [PATCH 0/7] IMA: new parser for
 ima_restore_measurement_list()

On 5/18/2017 5:38 AM, Roberto Sassu wrote:
> On 5/17/2017 6:28 PM, Ken Goldman wrote:
>> On 5/17/2017 3:25 AM, Roberto Sassu wrote:
>>>
>>> The format of digestN is: <algo name>:\0<digest value>, the same used
>>> for the file digest.
>>
>> Since the format is changing from the SHA-1 log format anyway ...
>>
>> How do people feel about the colon and null terminated string format for
>> algorithm identifiers?
>>
>> The TCG standard enumerations are uint16_t, and there is a registry of
>> hash algorithms.
>>
>> As a consuming parser, it feels nice to know it's always 2 bytes and not
>> have to worry about a missing colon or a missing nul terminator risking
>> a buffer overflow.
> 
> There cannot be buffer overflow, because the length of each digest
> field is known.
> 
> Roberto
> 

I was not referring to the digest, but the digest algorithm.

I wanted opinions on the colon and null terminated string format for 
algorithm identifiers.

The TCG standard log uses the TCG standard enumerations.  They're always 
exactly 2 bytes.  Parsing is trivial.

If IMA uses strings, the attacker can send, e.g., sha1: and not null 
terminate it.  A careful parser can go a byte at a time until it reaches 
a maximum length - if you specify a maximum length.  But it is an attack 
surface.  Is there a corresponding advantage?

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ