summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorSascha Hauer <s.hauer@pengutronix.de>2019-07-02 10:00:40 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2019-10-11 18:21:10 +0200
commitb69c3085fcc6839b2c86cab3b7ac9a38495a73ae (patch)
tree3dde972fa749cc723b8566485f1f2f9928780ff8 /security
parent6df3c66de09de4e5a4e9564e19d156480caf1050 (diff)
downloadlinux-stable-b69c3085fcc6839b2c86cab3b7ac9a38495a73ae.tar.gz
linux-stable-b69c3085fcc6839b2c86cab3b7ac9a38495a73ae.tar.bz2
linux-stable-b69c3085fcc6839b2c86cab3b7ac9a38495a73ae.zip
ima: always return negative code for error
[ Upstream commit f5e1040196dbfe14c77ce3dfe3b7b08d2d961e88 ] integrity_kernel_read() returns the number of bytes read. If this is a short read then this positive value is returned from ima_calc_file_hash_atfm(). Currently this is only indirectly called from ima_calc_file_hash() and this function only tests for the return value being zero or nonzero and also doesn't forward the return value. Nevertheless there's no point in returning a positive value as an error, so translate a short read into -EINVAL. Signed-off-by: Sascha Hauer <s.hauer@pengutronix.de> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'security')
-rw-r--r--security/integrity/ima/ima_crypto.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
index d9e7728027c6..b7822d2b7973 100644
--- a/security/integrity/ima/ima_crypto.c
+++ b/security/integrity/ima/ima_crypto.c
@@ -271,8 +271,11 @@ static int ima_calc_file_hash_atfm(struct file *file,
rbuf_len = min_t(loff_t, i_size - offset, rbuf_size[active]);
rc = integrity_kernel_read(file, offset, rbuf[active],
rbuf_len);
- if (rc != rbuf_len)
+ if (rc != rbuf_len) {
+ if (rc >= 0)
+ rc = -EINVAL;
goto out3;
+ }
if (rbuf[1] && offset) {
/* Using two buffers, and it is not the first