Commit 27551dbe authored Jul 02, 2019 by Sascha Hauer Committed by Greg Kroah-Hartman Oct 11, 2019

ima: always return negative code for error



[ Upstream commit f5e1040196dbfe14c77ce3dfe3b7b08d2d961e88 ]

integrity_kernel_read() returns the number of bytes read. If this is
a short read then this positive value is returned from
ima_calc_file_hash_atfm(). Currently this is only indirectly called from
ima_calc_file_hash() and this function only tests for the return value
being zero or nonzero and also doesn't forward the return value.
Nevertheless there's no point in returning a positive value as an error,
so translate a short read into -EINVAL.

Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 77ed4fcf

security/integrity/ima/ima_crypto.c

+4 −1

Original line number	Diff line number	Diff line
		@@ -293,8 +293,11 @@ static int ima_calc_file_hash_atfm(struct file *file,
		rbuf_len = min_t(loff_t, i_size - offset, rbuf_size[active]);
		rc = integrity_kernel_read(file, offset, rbuf[active],
		rbuf_len);
		if (rc != rbuf_len)
		if (rc != rbuf_len) {
		if (rc >= 0)
		rc = -EINVAL;
		goto out3;
		}

		if (rbuf[1] && offset) {
		/* Using two buffers, and it is not the first