| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1573578841.17949.48.camel@linux.ibm.com>
Date: Tue, 12 Nov 2019 12:14:01 -0500
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>,
Patrick Callaghan <patrickc@...ux.ibm.com>,
linux-integrity@...r.kernel.org
Cc: linux-kernel@...r.kernel.org, Sascha Hauer <s.hauer@...gutronix.de>
Subject: Re: [PATCH] ima: avoid appraise error for hash calc interrupt
On Mon, 2019-11-11 at 14:29 -0800, Lakshmi Ramasubramanian wrote:
> On 11/11/19 11:23 AM, Patrick Callaghan wrote:
>
> > - if (rbuf_len == 0)
> > + if (rbuf_len == 0) { /* unexpected EOF */
> > + rc = -EINVAL;
> > break;
> > + }
> > offset += rbuf_len;
>
> Should there be an additional check to validate that (offset + rbuf_len)
> is less than i_size before calling cypto_shash_update (since rbuf_len is
> one of the parameters for this call)?
The "while" statement enforces that.
Mimi
>
> if ((rbuf_len == 0) || (offset + rbuf_len >= i_size)) {
> rc = -EINVAL;
> break;
> }
> offset += rbuf_len;
>
> > rc = crypto_shash_update(shash, rbuf, rbuf_len);
>
> -lakshmi
>
Powered by blists - more mailing lists