mirror of
https://git.kernel.org/pub/scm/linux/kernel/git/next/linux-next.git
synced 2025-01-09 23:39:18 +00:00
evm: prevent passing integrity check if xattr read fails
This patch fixes a bug, where evm_verify_hmac() returns INTEGRITY_PASS if inode->i_op->getxattr() returns an error in evm_find_protected_xattrs. Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
This commit is contained in:
parent
e7d021e283
commit
1f1009791b
@ -126,14 +126,15 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
|
||||
rc = vfs_getxattr_alloc(dentry, XATTR_NAME_EVM, (char **)&xattr_data, 0,
|
||||
GFP_NOFS);
|
||||
if (rc <= 0) {
|
||||
if (rc == 0)
|
||||
evm_status = INTEGRITY_FAIL; /* empty */
|
||||
else if (rc == -ENODATA) {
|
||||
evm_status = INTEGRITY_FAIL;
|
||||
if (rc == -ENODATA) {
|
||||
rc = evm_find_protected_xattrs(dentry);
|
||||
if (rc > 0)
|
||||
evm_status = INTEGRITY_NOLABEL;
|
||||
else if (rc == 0)
|
||||
evm_status = INTEGRITY_NOXATTRS; /* new file */
|
||||
} else if (rc == -EOPNOTSUPP) {
|
||||
evm_status = INTEGRITY_UNKNOWN;
|
||||
}
|
||||
goto out;
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user