hulk inclusion
category: feature
feature: digest-lists
---------------------------
This patch ensures that xattr_data_len passed by IMA is greater than 2 bytes, so that the hash algorithm can be retrieved from xattr_value. The fake xattr type is always IMA_XATTR_DIGEST_NG.
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
---
 security/integrity/evm/evm_main.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c index 61172bd96780..d4363cad7696 100644 --- a/security/integrity/evm/evm_main.c +++ b/security/integrity/evm/evm_main.c @@ -178,7 +178,7 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry, /* IMA added a fake xattr, set also EVM fake xattr */ if (!ima_present && xattr_name && !strcmp(xattr_name, XATTR_NAME_IMA) && - xattr_value_len >= sizeof(struct evm_ima_xattr_data)) { + xattr_value_len > 2) { evm_fake_xattr.hash_algo = ((struct evm_ima_xattr_data *)xattr_value)->digest[0]; xattr_data =
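Review bot: The new bound `xattr_value_len > 2` in the `!ima_present` condition is a bare literal, and nothing in the hunk ties it to the layout of `struct evm_ima_xattr_data`, whose `digest[0]` is the only field read in the visible lines. Consider expressing the minimum in terms of the structure (for example an `offsetof()` on `digest` plus the bytes actually needed), or adding a comment that says which bytes the 2 accounts for, so the check stays correct if the structure changes. The commit message also speaks of `xattr_data_len` while the condition tests `xattr_value_len`; aligning the two names would help. Since the bound no longer guarantees a full `struct evm_ima_xattr_data`, the code following `xattr_data =` (cut off here) should be checked to confirm it sizes its accesses from `xattr_value_len` rather than assuming the old minimum.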