Check that the algo parameter passed to calc_file_id_hash is within valid range. Do this in asymmetric_verify_v3 since this value will also be passed to a hashless signature verification function from here.
Signed-off-by: Stefan Berger <[email protected]> --- security/integrity/digsig_asymmetric.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c index a791ad43b3fb..ed171a627d18 100644 --- a/security/integrity/digsig_asymmetric.c +++ b/security/integrity/digsig_asymmetric.c @@ -139,7 +139,7 @@ int asymmetric_verify(struct key *keyring, const char *sig, /* * calc_file_id_hash - calculate the hash of the ima_file_id struct data * @type: xattr type [enum evm_ima_xattr_type] - * @algo: hash algorithm [enum hash_algo] + * @algo: hash algorithm [enum hash_algo]; caller must ensure valid value * @digest: pointer to the digest to be hashed * @hash: (out) pointer to the hash * @@ -187,6 +187,9 @@ int asymmetric_verify_v3(struct key *keyring, const char *sig, int siglen, struct ima_max_digest_data hash; int rc; + if (algo >= HASH_ALGO__LAST) + return -ENOPKG; + rc = calc_file_id_hash(hdr->type, algo, data, &hash); if (rc) return -EINVAL; -- 2.53.0
