| From 0e4358b0a0c53e51263dd21f0b20937cbe4bd257 Mon Sep 17 00:00:00 2001 |
| From: Sascha Hauer <s.hauer@pengutronix.de> |
| Date: Tue, 2 Jul 2019 10:00:40 +0200 |
| Subject: [PATCH] ima: always return negative code for error |
| |
| commit f5e1040196dbfe14c77ce3dfe3b7b08d2d961e88 upstream. |
| |
| integrity_kernel_read() returns the number of bytes read. If this is |
| a short read then this positive value is returned from |
| ima_calc_file_hash_atfm(). Currently this is only indirectly called from |
| ima_calc_file_hash() and this function only tests for the return value |
| being zero or nonzero and also doesn't forward the return value. |
| Nevertheless there's no point in returning a positive value as an error, |
| so translate a short read into -EINVAL. |
| |
| Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> |
| Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> |
| Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com> |
| |
| diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c |
| index d4c7b8e1b083..7532b062be59 100644 |
| --- a/security/integrity/ima/ima_crypto.c |
| +++ b/security/integrity/ima/ima_crypto.c |
| @@ -268,8 +268,11 @@ static int ima_calc_file_hash_atfm(struct file *file, |
| rbuf_len = min_t(loff_t, i_size - offset, rbuf_size[active]); |
| rc = integrity_kernel_read(file, offset, rbuf[active], |
| rbuf_len); |
| - if (rc != rbuf_len) |
| + if (rc != rbuf_len) { |
| + if (rc >= 0) |
| + rc = -EINVAL; |
| goto out3; |
| + } |
| |
| if (rbuf[1] && offset) { |
| /* Using two buffers, and it is not the first |
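Review bot: The new `rc = -EINVAL` branch is the only place where a read that returned a non-negative count becomes a failure, and it deserves a one-line comment above `if (rc >= 0)`, for example `/* short read: fewer bytes than i_size promised, so the digest would not cover the whole file */`. The choice of -EINVAL also makes a truncated or concurrently shrinking file look like a bad argument to whoever triages measurement failures; `-EIO` may be the clearer signal, though that is a judgement call. The `out3` label and the rest of ima_calc_file_hash_atfm() lie outside the hunk. Since the following context mentions two buffers, it is worth confirming that no earlier hash update on the other buffer is still pending when this path bails out.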
| -- |
| 2.7.4 |
| |