]> git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commitdiff
projects / mirror_ubuntu-artful-kernel.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw (from parent 1: 9f76628)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux...
authorJames Morris <james.l.morris@oracle.com>
Wed, 29 Oct 2014 04:03:54 +0000 (15:03 +1100)
committerJames Morris <james.l.morris@oracle.com>
Wed, 29 Oct 2014 04:03:54 +0000 (15:03 +1100)
security/integrity/evm/evm_main.c patch | blob | blame | history
security/integrity/ima/ima_appraise.c patch | blob | blame | history
security/integrity/integrity.h patch | blob | blame | history

diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 9685af330de5db40f4d7d097ea736b377dd68b36..c5ee1a7c5e8a0a361a8fb21de3ee236faba3804a 100644 (file)
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -319,9 +319,12 @@ int evm_inode_setxattr(struct dentry *dentry, const char *xattr_name,
 {
        const struct evm_ima_xattr_data *xattr_data = xattr_value;
 
-       if ((strcmp(xattr_name, XATTR_NAME_EVM) == 0)
-           && (xattr_data->type == EVM_XATTR_HMAC))
-               return -EPERM;
+       if (strcmp(xattr_name, XATTR_NAME_EVM) == 0) {
+               if (!xattr_value_len)
+                       return -EINVAL;
+               if (xattr_data->type != EVM_IMA_XATTR_DIGSIG)
+                       return -EPERM;
+       }
        return evm_protect_xattr(dentry, xattr_name, xattr_value,
                                 xattr_value_len);
 }
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index 922685483bd3625355af6202bb435728ac62c11f..7c8f41e618b6bf41bf5909b89335b465d16512c8 100644 (file)
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -378,6 +378,8 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
        result = ima_protect_xattr(dentry, xattr_name, xattr_value,
                                   xattr_value_len);
        if (result == 1) {
+               if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))
+                       return -EINVAL;
                ima_reset_appraise_flags(dentry->d_inode,
                         (xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0);
                result = 0;
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index c0379d13dbe16f8d4c9705e1c80fd8b2c7b0e4df..9d1c2ebfe12a71d872727fe6f36716ec0a03c5d5 100644 (file)
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -61,6 +61,7 @@ enum evm_ima_xattr_type {
        EVM_XATTR_HMAC,
        EVM_IMA_XATTR_DIGSIG,
        IMA_XATTR_DIGEST_NG,
+       IMA_XATTR_LAST
 };
 
 struct evm_ima_xattr_data {
Ubuntu Artful kernel mirror