linux-stable/security/integrity/ima
KP Singh aa662fc04f ima: Fix NULL pointer dereference in ima_file_hash
ima_file_hash can be called when there is no iint->ima_hash available
even though the inode exists in the integrity cache. It is fairly
common for a file to not have a hash. (e.g. an mknodat, prior to the
file being closed).

Another example where this can happen (suggested by Jann Horn):

Process A does:

	while(1) {
		unlink("/tmp/imafoo");
		fd = open("/tmp/imafoo", O_RDWR|O_CREAT|O_TRUNC, 0700);
		if (fd == -1) {
			perror("open");
			continue;
		}
		write(fd, "A", 1);
		close(fd);
	}

and Process B does:

	while (1) {
		int fd = open("/tmp/imafoo", O_RDONLY);
		if (fd == -1)
			continue;
		char *mapping = mmap(NULL, 0x1000, PROT_READ|PROT_EXEC,
				     MAP_PRIVATE, fd, 0);
		if (mapping != MAP_FAILED)
			munmap(mapping, 0x1000);
		close(fd);
	}

Due to the race to get the iint->mutex between ima_file_hash and
process_measurement iint->ima_hash could still be NULL.

Fixes: 6beea7afcc ("ima: add the ability to query the cached hash of a given file")
Signed-off-by: KP Singh <kpsingh@google.com>
Reviewed-by: Florent Revest <revest@chromium.org>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
2020-09-16 17:43:02 -04:00
ima.h ima: Rename internal filter rule functions 2020-07-20 18:18:23 -04:00
ima_api.c ima: Support additional conditionals in the KEXEC_CMDLINE hook function 2020-07-20 13:28:16 -04:00
ima_appraise.c ima: limit secure boot feedback scope for appraise 2020-09-09 20:01:55 -04:00
ima_asymmetric_keys.c ima: Support additional conditionals in the KEXEC_CMDLINE hook function 2020-07-20 13:28:16 -04:00
ima_crypto.c ima: Don't ignore errors from crypto_shash_update() 2020-09-15 13:47:37 -04:00
ima_fs.c integrity-v5.8 2020-06-06 09:39:05 -07:00
ima_init.c ima: Call ima_calc_boot_aggregate() in ima_eventdigest_init() 2020-06-03 17:20:43 -04:00
ima_kexec.c integrity: Remove duplicate pr_fmt definitions 2020-02-28 14:32:58 -05:00
ima_main.c ima: Fix NULL pointer dereference in ima_file_hash 2020-09-16 17:43:02 -04:00
ima_modsig.c ima: Move comprehensive rule validation checks out of the token parser 2020-07-20 13:28:15 -04:00
ima_mok.c Revert "Merge tag 'keys-acl-20190703' of git://git.kernel.org/pub/scm/linux/kernel/git/dhowells/linux-fs" 2019-07-10 18:43:43 -07:00
ima_policy.c ima: Use kmemdup rather than kmalloc+memcpy 2020-09-15 09:57:48 -04:00
ima_queue.c ima: Remove semicolon at the end of ima_get_binary_runtime_size() 2020-09-15 13:47:41 -04:00
ima_queue_keys.c ima: Support additional conditionals in the KEXEC_CMDLINE hook function 2020-07-20 13:28:16 -04:00
ima_template.c Minor fixes for v5.9. 2020-08-11 14:30:36 -07:00
ima_template_lib.c Minor fixes for v5.9. 2020-08-11 14:30:36 -07:00
ima_template_lib.h Replace HTTP links with HTTPS ones: security 2020-08-06 12:00:05 -07:00
Kconfig Minor fixes for v5.9. 2020-08-11 14:30:36 -07:00
Makefile IMA: Update KBUILD_MODNAME for IMA files to ima 2020-02-28 14:32:58 -05:00