| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1573582344.17949.67.camel@linux.ibm.com>
Date: Tue, 12 Nov 2019 13:12:24 -0500
From: Mimi Zohar <zohar@...ux.ibm.com>
To: Lakshmi Ramasubramanian <nramas@...ux.microsoft.com>,
Patrick Callaghan <patrickc@...ux.ibm.com>,
linux-integrity@...r.kernel.org
Cc: linux-kernel@...r.kernel.org, Sascha Hauer <s.hauer@...gutronix.de>
Subject: Re: [PATCH] ima: avoid appraise error for hash calc interrupt
On Tue, 2019-11-12 at 09:33 -0800, Lakshmi Ramasubramanian wrote:
> On 11/12/2019 9:14 AM, Mimi Zohar wrote:
>
> > On Mon, 2019-11-11 at 14:29 -0800, Lakshmi Ramasubramanian wrote:
> >> On 11/11/19 11:23 AM, Patrick Callaghan wrote:
> >>
> >>> - if (rbuf_len == 0)
> >>> + if (rbuf_len == 0) { /* unexpected EOF */
> >>> + rc = -EINVAL;
> >>> break;
> >>> + }
> >>> offset += rbuf_len;
> >>
> >> Should there be an additional check to validate that (offset + rbuf_len)
> >> is less than i_size before calling cypto_shash_update (since rbuf_len is
> >> one of the parameters for this call)?
> >
> > The "while" statement enforces that.
> >
> > Mimi
>
> Yes - but that check happens after the call to crypto_shash_update().
>
> Perhaps integrity_kernel_read() will never return (rbuf_len) that will
> => violate the check in the "while" statement.
> => number of bytes read that is greater than the memory allocated for
> rbuf even in error conditions.
>
> Just making sure.
integrity_kernel_read() returns an error (< 0) or the number of bytes
read. The while statement ensures that there is more data to read, so
returning 0 is always an error.
Mimi
Powered by blists - more mailing lists