From: Vitaly Chikunov <vt@altlinux.org>
To: Mimi Zohar <zohar@linux.vnet.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>,
linux-integrity@vger.kernel.org
Cc: Vitaly Chikunov <vt@altlinux.org>
Subject: [PATCH v2 2/7] ima-evm-utils: Define hash and sig buffer sizes and add asserts
Date: Wed, 28 Nov 2018 23:06:05 +0300 [thread overview]
Message-ID: <20181128200610.21214-2-vt@altlinux.org> (raw)
In-Reply-To: <20181128200610.21214-1-vt@altlinux.org>
To prevent hash and sig buffers size mismatch, define their maximum
sizes and add sanity checking asserts.
Suggested-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Vitaly Chikunov <vt@altlinux.org>
---
Changes since v1:
- New patch.
src/evmctl.c | 35 ++++++++++++++++++++++-------------
src/imaevm.h | 3 +++
src/libimaevm.c | 4 +++-
3 files changed, 28 insertions(+), 14 deletions(-)
diff --git a/src/evmctl.c b/src/evmctl.c
index f8035da..f53c684 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -505,15 +505,17 @@ static int calc_evm_hash(const char *file, unsigned char *hash)
static int sign_evm(const char *file, const char *key)
{
- unsigned char hash[64];
- unsigned char sig[1024];
+ unsigned char hash[MAX_DIGEST_SIZE];
+ unsigned char sig[MAX_SIGNATURE_SIZE];
int len, err;
len = calc_evm_hash(file, hash);
+ assert(len <= sizeof(hash));
if (len <= 1)
return len;
len = sign_hash(params.hash_algo, hash, len, key, NULL, sig + 1);
+ assert(len < sizeof(sig));
if (len <= 1)
return len;
@@ -543,7 +545,7 @@ static int sign_evm(const char *file, const char *key)
static int hash_ima(const char *file)
{
- unsigned char hash[66]; /* MAX hash size + 2 */
+ unsigned char hash[MAX_DIGEST_SIZE + 2];
int len, err, offset;
int algo = get_hash_algo(params.hash_algo);
@@ -557,6 +559,7 @@ static int hash_ima(const char *file)
}
len = ima_calc_hash(file, hash + offset);
+ assert(len + offset <= sizeof(hash));
if (len <= 1)
return len;
@@ -581,15 +584,17 @@ static int hash_ima(const char *file)
static int sign_ima(const char *file, const char *key)
{
- unsigned char hash[64];
- unsigned char sig[1024];
+ unsigned char hash[MAX_DIGEST_SIZE];
+ unsigned char sig[MAX_SIGNATURE_SIZE];
int len, err;
len = ima_calc_hash(file, hash);
+ assert(len <= sizeof(hash));
if (len <= 1)
return len;
len = sign_hash(params.hash_algo, hash, len, key, NULL, sig + 1);
+ assert(len < sizeof(sig));
if (len <= 1)
return len;
@@ -695,8 +700,8 @@ static int cmd_sign_hash(struct command *cmd)
int hashlen = 0;
size_t line_len;
ssize_t len;
- unsigned char hash[64];
- unsigned char sig[1024] = "\x03";
+ unsigned char hash[MAX_DIGEST_SIZE];
+ unsigned char sig[MAX_SIGNATURE_SIZE] = "\x03";
int siglen;
key = params.keyfile ? : "/etc/keys/privkey_evm.pem";
@@ -711,9 +716,11 @@ static int cmd_sign_hash(struct command *cmd)
token = strpbrk(line, ", \t");
hashlen = token ? token - line : strlen(line);
- hex2bin(hash, line, hashlen);
+ assert(hashlen / 2 <= sizeof(hash));
+ hex2bin(hash, line, hashlen / 2);
siglen = sign_hash(params.hash_algo, hash, hashlen/2,
key, NULL, sig + 1);
+ assert(siglen < sizeof(sig));
if (siglen <= 1)
return siglen;
@@ -761,8 +768,8 @@ static int cmd_sign_evm(struct command *cmd)
static int verify_evm(const char *file)
{
- unsigned char hash[64];
- unsigned char sig[1024];
+ unsigned char hash[MAX_DIGEST_SIZE];
+ unsigned char sig[MAX_SIGNATURE_SIZE];
int mdlen;
int len;
@@ -804,12 +811,13 @@ static int cmd_verify_evm(struct command *cmd)
static int verify_ima(const char *file)
{
- unsigned char sig[1024];
+ unsigned char sig[MAX_SIGNATURE_SIZE];
int len;
if (sigfile) {
void *tmp = file2bin(file, "sig", &len);
+ assert(len <= sizeof(sig));
memcpy(sig, tmp, len);
free(tmp);
} else {
@@ -1138,8 +1146,8 @@ out:
static int hmac_evm(const char *file, const char *key)
{
- unsigned char hash[64];
- unsigned char sig[1024];
+ unsigned char hash[MAX_DIGEST_SIZE];
+ unsigned char sig[MAX_SIGNATURE_SIZE];
int len, err;
len = calc_evm_hmac(file, key, hash);
@@ -1149,6 +1157,7 @@ static int hmac_evm(const char *file, const char *key)
log_info("hmac: ");
log_dump(hash, len);
+ assert(len < sizeof(sig));
memcpy(sig + 1, hash, len);
if (xattr) {
diff --git a/src/imaevm.h b/src/imaevm.h
index 1bafaad..2ebe7e7 100644
--- a/src/imaevm.h
+++ b/src/imaevm.h
@@ -75,6 +75,9 @@
#define DATA_SIZE 4096
#define SHA1_HASH_LEN 20
+#define MAX_DIGEST_SIZE 64
+#define MAX_SIGNATURE_SIZE 1024
+
#define __packed __attribute__((packed))
enum evm_ima_xattr_type {
diff --git a/src/libimaevm.c b/src/libimaevm.c
index 6fa0ed4..80b61a2 100644
--- a/src/libimaevm.c
+++ b/src/libimaevm.c
@@ -49,6 +49,7 @@
#include <dirent.h>
#include <string.h>
#include <stdio.h>
+#include <assert.h>
#include <openssl/pem.h>
#include <openssl/evp.h>
@@ -590,7 +591,7 @@ int verify_hash(const char *file, const unsigned char *hash, int size, unsigned
int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
unsigned char *digest, int digestlen)
{
- unsigned char hash[64];
+ unsigned char hash[MAX_DIGEST_SIZE];
int hashlen, sig_hash_algo;
if (sig[0] != 0x03) {
@@ -614,6 +615,7 @@ int ima_verify_signature(const char *file, unsigned char *sig, int siglen,
return verify_hash(file, digest, digestlen, sig + 1, siglen - 1);
hashlen = ima_calc_hash(file, hash);
+ assert(hashlen <= sizeof(hash));
if (hashlen <= 1)
return hashlen;
--
2.11.0
next prev parent reply other threads:[~2018-11-28 20:06 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-28 20:06 [PATCH v2 1/7] ima-evm-utils: Fix hash buffer overflow in verify_evm and hmac_evm Vitaly Chikunov
2018-11-28 20:06 ` Vitaly Chikunov [this message]
2018-11-30 19:21 ` [PATCH v2 2/7] ima-evm-utils: Define hash and sig buffer sizes and add asserts Mimi Zohar
2018-11-28 20:06 ` [PATCH v2 3/7] ima-evm-utils: Define the '--xattr-user' option for testing Vitaly Chikunov
2018-11-30 19:20 ` Mimi Zohar
2018-11-28 20:06 ` [PATCH v2 4/7] ima-evm-utils: Allow using Streebog hash function Vitaly Chikunov
2018-11-30 19:21 ` Mimi Zohar
2018-11-28 20:06 ` [PATCH v2 5/7] ima-evm-utils: Preload OpenSSL engine via '--engine' option Vitaly Chikunov
2018-11-30 19:21 ` Mimi Zohar
2018-12-01 3:01 ` Vitaly Chikunov
2018-12-02 14:47 ` Mimi Zohar
2018-11-28 20:06 ` [PATCH v2 6/7] ima-evm-utils: Extract digest algorithms from hash_info.h Vitaly Chikunov
2018-11-28 20:06 ` [PATCH v2 7/7] ima-evm-utils: Try to load digest by its alias Vitaly Chikunov
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20181128200610.21214-2-vt@altlinux.org \
--to=vt@altlinux.org \
--cc=dmitry.kasatkin@gmail.com \
--cc=linux-integrity@vger.kernel.org \
--cc=zohar@linux.vnet.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).