mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
synced 2024-10-02 15:18:19 +00:00
ima: Fix a potential integer overflow in ima_appraise_measurement
[ Upstream commitd2ee2cfc4a
] When the ima-modsig is enabled, the rc passed to evm_verifyxattr() may be negative, which may cause the integer overflow problem. Fixes:39b0709636
("ima: Implement support for module-style appended signatures") Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
This commit is contained in:
parent
72f231b9a8
commit
388f3df7c3
1 changed files with 2 additions and 1 deletions
|
@ -352,7 +352,8 @@ int ima_appraise_measurement(enum ima_hooks func,
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
|
|
||||||
status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint);
|
status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value,
|
||||||
|
rc < 0 ? 0 : rc, iint);
|
||||||
switch (status) {
|
switch (status) {
|
||||||
case INTEGRITY_PASS:
|
case INTEGRITY_PASS:
|
||||||
case INTEGRITY_PASS_IMMUTABLE:
|
case INTEGRITY_PASS_IMMUTABLE:
|
||||||
|
|
Loading…
Reference in a new issue