From: Kasatkin, D. <dmi...@in...> - 2013-01-08 12:49:19
|
On Sun, Jan 6, 2013 at 11:40 PM, Amadeusz Sławiński <am...@as...> wrote: > Hello, > > I noticed that 'evmctl ima_hash file' will fail on big files and after a bit of > investigation found that code assumes that file size will fit in int > which may not always be the case. > > # evmctl ima_hash /swapfile > *** buffer overflow detected ***: evmctl - terminated > evmctl: buffer overflow attack in function <unknown> - terminated > Report to http://bugs.gentoo.org/ > zsh: killed evmctl ima_hash /swapfile > # ls -lh /swapfile > -rw-r--r--. 1 root root 3.0G Sep 13 14:07 /swapfile > # ls -l /swapfile > -rw-r--r--. 1 root root 3221225472 Sep 13 14:07 /swapfile > > After applying attached patch changing get_fdsize it works without problem. > > There is also similar code in get_filesize, but I havent't changed it, it is > used later to pass filesize to malloc() in file2bin and I'm not sure if it > will work with such big files. > > Amadeusz > Hello Amadeusz, Thanks for fix! - Dmitry > ------------------------------------------------------------------------------ > Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, > MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current > with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft > MVPs and experts. SALE $99.99 this month only -- learn more at: > http://p.sf.net/sfu/learnmore_122412 > _______________________________________________ > Linux-ima-user mailing list > Lin...@li... > https://lists.sourceforge.net/lists/listinfo/linux-ima-user > |