From patchwork Mon Dec 3 03:35:19 2018 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Vitaly Chikunov X-Patchwork-Id: 10708573 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 9692115A6 for ; Mon, 3 Dec 2018 03:35:28 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 7B6C72A7D7 for ; Mon, 3 Dec 2018 03:35:28 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 6F5E62A874; Mon, 3 Dec 2018 03:35:28 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0F09F2A6F5 for ; Mon, 3 Dec 2018 03:35:28 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1725870AbeLCDfb (ORCPT ); Sun, 2 Dec 2018 22:35:31 -0500 Received: from vmicros1.altlinux.org ([194.107.17.57]:54272 "EHLO vmicros1.altlinux.org" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1725806AbeLCDfb (ORCPT ); Sun, 2 Dec 2018 22:35:31 -0500 Received: from imap.altlinux.org (imap.altlinux.org [194.107.17.38]) by vmicros1.altlinux.org (Postfix) with ESMTP id 9EDC272CA65; Mon, 3 Dec 2018 06:35:25 +0300 (MSK) Received: from beacon.altlinux.org (unknown [185.6.174.98]) by imap.altlinux.org (Postfix) with ESMTPSA id 8393B4A4A29; Mon, 3 Dec 2018 06:35:25 +0300 (MSK) From: Vitaly Chikunov To: Mimi Zohar , Dmitry Kasatkin , linux-integrity@vger.kernel.org Subject: [PATCH v3 1/7] ima-evm-utils: Fix hash buffer overflow in verify_evm and hmac_evm Date: Mon, 3 Dec 2018 06:35:19 +0300 Message-Id: <20181203033525.20431-1-vt@altlinux.org> X-Mailer: git-send-email 2.11.0 Sender: linux-integrity-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-integrity@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Commit ae1319eeabd6 ("Remove hardcoding of SHA1 in EVM signatures") introduces overflow of 20 byte buffer on the stack while calculating hash. Also, invalid hash length is passed to the underlying verification function in verify_evm. This prevents any non-SHA1 hashes from being properly validated using evmctl. Fixes: ae1319eeabd6 ("Remove hardcoding of SHA1 in EVM signatures") Signed-off-by: Vitaly Chikunov --- Changes since v1: - Fix similar issue in hmac_evm Changes since v2: - No changes. src/evmctl.c | 16 ++++++++++------ 1 file changed, 10 insertions(+), 6 deletions(-) diff --git a/src/evmctl.c b/src/evmctl.c index 1b46d58..f8035da 100644 --- a/src/evmctl.c +++ b/src/evmctl.c @@ -55,6 +55,7 @@ #include #include #include +#include #include #include @@ -760,13 +761,15 @@ static int cmd_sign_evm(struct command *cmd) static int verify_evm(const char *file) { - unsigned char hash[20]; + unsigned char hash[64]; unsigned char sig[1024]; + int mdlen; int len; - len = calc_evm_hash(file, hash); - if (len <= 1) - return len; + mdlen = calc_evm_hash(file, hash); + assert(mdlen <= sizeof(hash)); + if (mdlen <= 1) + return mdlen; len = lgetxattr(file, "security.evm", sig, sizeof(sig)); if (len < 0) { @@ -779,7 +782,7 @@ static int verify_evm(const char *file) return -1; } - return verify_hash(file, hash, sizeof(hash), sig + 1, len - 1); + return verify_hash(file, hash, mdlen, sig + 1, len - 1); } static int cmd_verify_evm(struct command *cmd) @@ -1135,11 +1138,12 @@ out: static int hmac_evm(const char *file, const char *key) { - unsigned char hash[20]; + unsigned char hash[64]; unsigned char sig[1024]; int len, err; len = calc_evm_hmac(file, key, hash); + assert(len <= sizeof(hash)); if (len <= 1) return len;