github-mirror/linux
1
0
Fork 0
mirror of https://github.com/torvalds/linux.git synced 2026-06-12 00:23:01 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity Graph
cdaedaba68
linux/security/integrity/evm
History
Roberto Sassu 4c7a2e76ae evm: Check also if *tfm is an error pointer in init_desc() 
[ Upstream commit 53de3b080d ]

This patch avoids a kernel panic due to accessing an error pointer set by
crypto_alloc_shash(). It occurs especially when there are many files that
require an unsupported algorithm, as it would increase the likelihood of
the following race condition:

Task A: *tfm = crypto_alloc_shash() <= error pointer
Task B: if (*tfm == NULL) <= *tfm is not NULL, use it
Task B: rc = crypto_shash_init(desc) <= panic
Task A: *tfm = NULL

This patch uses the IS_ERR_OR_NULL macro to determine whether or not a new
crypto context must be created.

Cc: stable@vger.kernel.org
Fixes: d46eb36995 ("evm: crypto hash replaced by shash")
Co-developed-by: Krzysztof Struczynski <krzysztof.struczynski@huawei.com>
Signed-off-by: Krzysztof Struczynski <krzysztof.struczynski@huawei.com>
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
2020-05-27 17:37:28 +02:00
..
evm_crypto.c evm: Check also if *tfm is an error pointer in init_desc() 2020-05-27 17:37:28 +02:00
evm_main.c evm: Allow non-SHA1 digital signatures 2018-07-18 07:27:22 -04:00
evm_posix_acl.c ima: fix script messages 2013-10-25 13:17:19 -04:00
evm_secfs.c EVM: fix return value check in evm_write_xattrs() 2018-07-22 14:49:11 -04:00
evm.h evm: Allow non-SHA1 digital signatures 2018-07-18 07:27:22 -04:00
Kconfig evm: Allow non-SHA1 digital signatures 2018-07-18 07:27:22 -04:00
Makefile evm: posix acls modify i_mode 2011-09-14 15:24:51 -04:00