[PATCH v6 openEuler-23.09 46/46] ima: bugfix for digest lists importing

From: shenxiangwei shenxiangwei1@huawei.com

euleros inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I7QZ2M CVE: NA

-------------------------------------------------

The check for control character shouldn't be added when import a binary digest list.

Signed-off-by: shenxiangwei shenxiangwei1@huawei.com Reviewed-by: Lu Huaxin luhuaxin1@huawei.com Reviewed-by: Roberto Sassu roberto.sassu@huawei.com Signed-off-by: Zheng Zengkai zhengzengkai@huawei.com Signed-off-by: zhoushuiqing zhoushuiqing2@huawei.com --- security/integrity/ima/ima_fs.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index 237628466eb38..4b7c075a1837b 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -456,14 +456,6 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf, goto out_free;

data[datalen] = '\0'; - - for (i = 0; data[i] != '\n' && data[i] != '\0'; i++) { - if (iscntrl(data[i])) { - pr_err_once("invalid path (control characters are not allowed)\n"); - result = -EINVAL; - goto out_free; - } - } #else data = memdup_user_nul(buf, datalen); if (IS_ERR(data)) { @@ -478,6 +470,15 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf,

if (data[0] == '/') { #ifdef CONFIG_IMA_DIGEST_LIST + for (i = 0; data[i] != '\n' && data[i] != '\0'; i++) { + if (iscntrl(data[i])) { + pr_err_once("invalid path (control characters are not allowed)\n"); + result = -EINVAL; + mutex_unlock(&ima_write_mutex); + goto out_free; + } + } + result = ima_read_file(data, dentry); } else if (dentry == ima_policy) { if (ima_appraise & IMA_APPRAISE_POLICY) {