From: Mimi Zohar <zohar@linux.vnet.ibm.com>
Date: Mon, 28 Jul 2014 11:59:49 +0000 (-0400)
Subject: ima: fix ima_alloc_atfm()
X-Git-Tag: fixes-against-v3.18-rc2~106^2~12^2~18
X-Git-Url: http://git.openpandora.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9a8d289fbcb7dfd1fc74959e9930b406e76b2002;p=pandora-kernel.git

ima: fix ima_alloc_atfm()

The patch 3bcced39ea7d: "ima: use ahash API for file hash
calculation" from Feb 26, 2014, leads to the following static checker
warning:

security/integrity/ima/ima_crypto.c:204 ima_alloc_atfm()
         error: buffer overflow 'hash_algo_name' 17 <= 17

Unlike shash tfm memory, which is allocated on initialization, the
ahash tfm memory allocation is deferred until needed.

This patch fixes the case where ima_ahash_tfm has not yet been
allocated and the file's signature/hash xattr contains an invalid hash
algorithm.  Although we can not verify the xattr, we still need to
measure the file.  Use the default IMA hash algorithm.

Changelog:
- set valid algo before testing tfm - based on Dmitry's comment

Reported-by: Dan Carpenter <dan.carpenter@oracle.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
---

Reading git-diff-tree failed