[PATCH v3 2/4] integrity: Check that algo parameter is within valid range

Next message: pr-tracker-bot: "Re: [GIT PULL] smbdirect ksmbd and cifs changes"
Previous message: Stefan Berger: "[PATCH v3 1/4] integrity: Check for NULL returned by asymmetric_key_public_key"
In reply to: Stefan Berger: "[PATCH v3 1/4] integrity: Check for NULL returned by asymmetric_key_public_key"
Next in thread: Stefan Berger: "[PATCH v3 3/4] integrity: Refactor asymmetric_verify for reusability"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Stefan Berger

Date: Thu Apr 16 2026 - 11:42:39 EST

Check that the algo parameter passed to calc_file_id_hash is within valid
range. Do this in asymmetric_verify_v3 since this value will also be passed
to a hashless signature verification function from here.

Signed-off-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
---
security/integrity/digsig_asymmetric.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/security/integrity/digsig_asymmetric.c b/security/integrity/digsig_asymmetric.c
index a791ad43b3fb..ed171a627d18 100644
--- a/security/integrity/digsig_asymmetric.c
+++ b/security/integrity/digsig_asymmetric.c
@@ -139,7 +139,7 @@ int asymmetric_verify(struct key *keyring, const char *sig,
/*
* calc_file_id_hash - calculate the hash of the ima_file_id struct data
* @type: xattr type [enum evm_ima_xattr_type]
- * @algo: hash algorithm [enum hash_algo]
+ * @algo: hash algorithm [enum hash_algo]; caller must ensure valid value
* @digest: pointer to the digest to be hashed
* @hash: (out) pointer to the hash
*
@@ -187,6 +187,9 @@ int asymmetric_verify_v3(struct key *keyring, const char *sig, int siglen,
struct ima_max_digest_data hash;
int rc;

+ if (algo >= HASH_ALGO__LAST)
+ return -ENOPKG;
+
rc = calc_file_id_hash(hdr->type, algo, data, &hash);
if (rc)
return -EINVAL;
--
2.53.0