* [PATCH] ima: fix ineffective default hash algorithm due to invalid hash algorithm boot argument
@ 2017-10-18 3:38 Boshi Wang
2017-10-19 15:05 ` Mimi Zohar
0 siblings, 1 reply; 3+ messages in thread
From: Boshi Wang @ 2017-10-18 3:38 UTC (permalink / raw)
To: linux-integrity; +Cc: zohar
The hash_setup function always sets hash_setup_done variable. If an
invalid hash algorithm is passed, the default hash algorithm specified
by CONFIG_IMA_DEFAULT_HASH could not be used.
Signed-off-by: Boshi Wang <wangboshi@huawei.com>
---
security/integrity/ima/ima_main.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 2aebb79..ab70a39 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -51,6 +51,8 @@ static int __init hash_setup(char *str)
ima_hash_algo = HASH_ALGO_SHA1;
else if (strncmp(str, "md5", 3) == 0)
ima_hash_algo = HASH_ALGO_MD5;
+ else
+ return 1;
goto out;
}
@@ -60,6 +62,8 @@ static int __init hash_setup(char *str)
break;
}
}
+ if (i == HASH_ALGO__LAST)
+ return 1;
out:
hash_setup_done = 1;
return 1;
--
2.10.1
^ permalink raw reply related [flat|nested] 3+ messages in thread
* Re: [PATCH] ima: fix ineffective default hash algorithm due to invalid hash algorithm boot argument
2017-10-18 3:38 [PATCH] ima: fix ineffective default hash algorithm due to invalid hash algorithm boot argument Boshi Wang
@ 2017-10-19 15:05 ` Mimi Zohar
2017-10-20 2:14 ` Boshi Wang
0 siblings, 1 reply; 3+ messages in thread
From: Mimi Zohar @ 2017-10-19 15:05 UTC (permalink / raw)
To: Boshi Wang, linux-integrity
On Wed, 2017-10-18 at 11:38 +0800, Boshi Wang wrote:
> The hash_setup function always sets hash_setup_done variable. If an
> invalid hash algorithm is passed, the default hash algorithm specified
> by CONFIG_IMA_DEFAULT_HASH could not be used.
The Subject line of this email is too long and needs to be clearer.
Please refer to Documentation/process/submitting-patches.rst section
14 "The canonical patch format". I would recommend shortening it to
something like "ima: fix hash algorithm initialization".
The patch description should start out with a concise explanation of
the current status, followed by the problem description and end with
the solution. For example,
The hash_setup function always sets the hash_setup_done flag, even
when the hash algorithm is invalid. This prevents the default hash
algorithm defined as CONFIG_IMA_DEFAULT_HASH from being used.
This patch sets hash_setup_done flag only for valid hash algorithms.
Mimi
> Signed-off-by: Boshi Wang <wangboshi@huawei.com>
> ---
> security/integrity/ima/ima_main.c | 4 ++++
> 1 file changed, 4 insertions(+)
>
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index 2aebb79..ab70a39 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -51,6 +51,8 @@ static int __init hash_setup(char *str)
> ima_hash_algo = HASH_ALGO_SHA1;
> else if (strncmp(str, "md5", 3) == 0)
> ima_hash_algo = HASH_ALGO_MD5;
> + else
> + return 1;
> goto out;
> }
>
> @@ -60,6 +62,8 @@ static int __init hash_setup(char *str)
> break;
> }
> }
> + if (i == HASH_ALGO__LAST)
> + return 1;
> out:
> hash_setup_done = 1;
> return 1;
^ permalink raw reply [flat|nested] 3+ messages in thread
* Re: [PATCH] ima: fix ineffective default hash algorithm due to invalid hash algorithm boot argument
2017-10-19 15:05 ` Mimi Zohar
@ 2017-10-20 2:14 ` Boshi Wang
0 siblings, 0 replies; 3+ messages in thread
From: Boshi Wang @ 2017-10-20 2:14 UTC (permalink / raw)
To: Mimi Zohar, linux-integrity
On 2017/10/19 23:05, Mimi Zohar wrote:
> On Wed, 2017-10-18 at 11:38 +0800, Boshi Wang wrote:
>> The hash_setup function always sets hash_setup_done variable. If an
>> invalid hash algorithm is passed, the default hash algorithm specified
>> by CONFIG_IMA_DEFAULT_HASH could not be used.
> The Subject line of this email is too long and needs to be clearer.
> Please refer to Documentation/process/submitting-patches.rst section
> 14 "The canonical patch format". I would recommend shortening it to
> something like "ima: fix hash algorithm initialization".
>
> The patch description should start out with a concise explanation of
> the current status, followed by the problem description and end with
> the solution. For example,
>
> The hash_setup function always sets the hash_setup_done flag, even
> when the hash algorithm is invalid. This prevents the default hash
> algorithm defined as CONFIG_IMA_DEFAULT_HASH from being used.
>
> This patch sets hash_setup_done flag only for valid hash algorithms.
Thank you for your advice. I will change the subject and the patch description
in the next version.
>
> Mimi
>
>> Signed-off-by: Boshi Wang <wangboshi@huawei.com>
>> ---
>> security/integrity/ima/ima_main.c | 4 ++++
>> 1 file changed, 4 insertions(+)
>>
>> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
>> index 2aebb79..ab70a39 100644
>> --- a/security/integrity/ima/ima_main.c
>> +++ b/security/integrity/ima/ima_main.c
>> @@ -51,6 +51,8 @@ static int __init hash_setup(char *str)
>> ima_hash_algo = HASH_ALGO_SHA1;
>> else if (strncmp(str, "md5", 3) == 0)
>> ima_hash_algo = HASH_ALGO_MD5;
>> + else
>> + return 1;
>> goto out;
>> }
>>
>> @@ -60,6 +62,8 @@ static int __init hash_setup(char *str)
>> break;
>> }
>> }
>> + if (i == HASH_ALGO__LAST)
>> + return 1;
>> out:
>> hash_setup_done = 1;
>> return 1;
^ permalink raw reply [flat|nested] 3+ messages in thread
end of thread, other threads:[~2017-10-20 2:16 UTC | newest]
Thread overview: 3+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-10-18 3:38 [PATCH] ima: fix ineffective default hash algorithm due to invalid hash algorithm boot argument Boshi Wang
2017-10-19 15:05 ` Mimi Zohar
2017-10-20 2:14 ` Boshi Wang
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).