linux-ima-devel

[Vivek G. <vg...@re...>]

Oops, sent it to dmitry's old email address.

Vivek
----- Forwarded message from Vivek Goyal <vg...@re...> -----

Date: Wed, 10 Jul 2013 16:31:24 -0400
From: Vivek Goyal <vg...@re...>
To: "Kasatkin, Dmitry" <dmi...@in...>
Cc: lin...@li...
Subject: [PATCH] evmctl: Fix hash array size in verify_ima()
User-Agent: Mutt/1.5.21 (2010-09-15)
Message-ID: <201...@re...>

Now evmctl supports different hash algorithms and sha512 will produce
64 byte digest. verify_ima() still allocates only 20bytes to store hash.
This does not work with larger hashes.

Signed-off-by: Vivek Goyal <vg...@re...>
---
 src/evmctl.c |   12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

Index: ima-evm-utils/src/evmctl.c
===================================================================
--- ima-evm-utils.orig/src/evmctl.c	2013-07-10 16:09:28.295186620 -0400
+++ ima-evm-utils/src/evmctl.c	2013-07-10 16:10:07.471634450 -0400
@@ -1213,13 +1213,13 @@ static int cmd_verify_evm(struct command
 
 static int verify_ima(const char *file, const char *key)
 {
-	unsigned char hash[20];
+	unsigned char hash[64];
 	unsigned char sig[1024];
-	int len;
+	int len, hashlen;
 
-	len = calc_hash(file, hash);
-	if (len <= 1)
-		return len;
+	hashlen = calc_hash(file, hash);
+	if (hashlen <= 1)
+		return hashlen;
 
 	if (xattr) {
 		len = getxattr(file, "security.ima", sig, sizeof(sig));
@@ -1242,7 +1242,7 @@ static int verify_ima(const char *file,
 		return -1;
 	}
 
-	return verify_hash(hash, sizeof(hash), sig + 1, len - 1, key);
+	return verify_hash(hash, hashlen, sig + 1, len - 1, key);
 }
 
 static int cmd_verify_ima(struct command *cmd)

----- End forwarded message -----