| From 95804ed1d1d0637f5da6e80f59df2af5399ac934 Mon Sep 17 00:00:00 2001 |
| From: Sasha Levin <sashal@kernel.org> |
| Date: Tue, 2 Jul 2019 10:00:40 +0200 |
| Subject: ima: always return negative code for error |
| |
| From: Sascha Hauer <s.hauer@pengutronix.de> |
| |
| [ Upstream commit f5e1040196dbfe14c77ce3dfe3b7b08d2d961e88 ] |
| |
| integrity_kernel_read() returns the number of bytes read. If this is |
| a short read then this positive value is returned from |
| ima_calc_file_hash_atfm(). Currently this is only indirectly called from |
| ima_calc_file_hash() and this function only tests for the return value |
| being zero or nonzero and also doesn't forward the return value. |
| Nevertheless there's no point in returning a positive value as an error, |
| so translate a short read into -EINVAL. |
| |
| Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> |
| Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> |
| Signed-off-by: Sasha Levin <sashal@kernel.org> |
| --- |
| security/integrity/ima/ima_crypto.c | 5 ++++- |
| 1 file changed, 4 insertions(+), 1 deletion(-) |
| |
| diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c |
| index a29209fa56746..5c87baaefafb6 100644 |
| --- a/security/integrity/ima/ima_crypto.c |
| +++ b/security/integrity/ima/ima_crypto.c |
| @@ -298,8 +298,11 @@ static int ima_calc_file_hash_atfm(struct file *file, |
| rbuf_len = min_t(loff_t, i_size - offset, rbuf_size[active]); |
| rc = integrity_kernel_read(file, offset, rbuf[active], |
| rbuf_len); |
| - if (rc != rbuf_len) |
| + if (rc != rbuf_len) { |
| + if (rc >= 0) |
| + rc = -EINVAL; |
| goto out3; |
| + } |
| |
| if (rbuf[1] && offset) { |
| /* Using two buffers, and it is not the first |
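Review bot: The new `if (rc >= 0) rc = -EINVAL;` branch carries no comment explaining why a non-negative return becomes an error, and -EINVAL will look like an argument error to anyone reading logs later. A one-line comment above it, such as `/* short read: fewer than rbuf_len bytes, never hash a partial buffer */`, would record the intent. An errno like -EIO may describe a truncated read more precisely, though that is a judgment call. The `rc != rbuf_len` test also depends on both variables being signed types of compatible width, and their declarations are outside this hunk, so that is worth confirming. The function body and the `out3` label also lie outside the hunk, so the cleanup path taken on this error cannot be checked from here.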
| -- |
| 2.20.1 |
| |