From: Huaxin Lu Date: Tue, 5 Jul 2022 05:14:17 +0000 (+0800) Subject: ima: Fix a potential integer overflow in ima_appraise_measurement X-Git-Tag: v6.1-rc5~757^2~4 X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=d2ee2cfc4aa85ff6a2a3b198a3a524ec54e3d999;p=platform%2Fkernel%2Flinux-starfive.git ima: Fix a potential integer overflow in ima_appraise_measurement When the ima-modsig is enabled, the rc passed to evm_verifyxattr() may be negative, which may cause the integer overflow problem. Fixes: 39b07096364a ("ima: Implement support for module-style appended signatures") Signed-off-by: Huaxin Lu Signed-off-by: Mimi Zohar --- diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c index cdb84dc..bde74fc 100644 --- a/security/integrity/ima/ima_appraise.c +++ b/security/integrity/ima/ima_appraise.c @@ -514,7 +514,8 @@ int ima_appraise_measurement(enum ima_hooks func, goto out; } - status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint); + status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, + rc < 0 ? 0 : rc, iint); switch (status) { case INTEGRITY_PASS: case INTEGRITY_PASS_IMMUTABLE: