| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <c6a57c24-2f30-f252-0f42-8d748ede65af@linux.microsoft.com>
Date: Tue, 12 Nov 2019 09:33:34 -0800
From: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>
To: Mimi Zohar <zohar@...ux.ibm.com>,
Patrick Callaghan <patrickc@...ux.ibm.com>,
linux-integrity@...r.kernel.org
Cc: linux-kernel@...r.kernel.org, Sascha Hauer <s.hauer@...gutronix.de>
Subject: Re: [PATCH] ima: avoid appraise error for hash calc interrupt
On 11/12/2019 9:14 AM, Mimi Zohar wrote:
> On Mon, 2019-11-11 at 14:29 -0800, Lakshmi Ramasubramanian wrote:
>> On 11/11/19 11:23 AM, Patrick Callaghan wrote:
>>
>>> - if (rbuf_len == 0)
>>> + if (rbuf_len == 0) { /* unexpected EOF */
>>> + rc = -EINVAL;
>>> break;
>>> + }
>>> offset += rbuf_len;
>>
>> Should there be an additional check to validate that (offset + rbuf_len)
>> is less than i_size before calling cypto_shash_update (since rbuf_len is
>> one of the parameters for this call)?
>
> The "while" statement enforces that.
>
> Mimi
Yes - but that check happens after the call to crypto_shash_update().
Perhaps integrity_kernel_read() will never return (rbuf_len) that will
=> violate the check in the "while" statement.
=> number of bytes read that is greater than the memory allocated for
rbuf even in error conditions.
Just making sure.
thanks,
-lakshmi
>
>>
>> if ((rbuf_len == 0) || (offset + rbuf_len >= i_size)) {
>> rc = -EINVAL;
>> break;
>> }
>> offset += rbuf_len;
>>
>>> rc = crypto_shash_update(shash, rbuf, rbuf_len);
Powered by blists - more mailing lists