Merge remote-tracking branch 'asoc/for-5.10' into asoc-linus

author: Mark Brown <broonie@kernel.org> 2020-12-11 17:47:55 +0000
committer: Mark Brown <broonie@kernel.org> 2020-12-11 17:47:55 +0000
commit: 031616c434db05ce766f76c62865f55698e0924f (patch)
tree: 7f29aa1ff3e7b51a8058cd570fb785c6e769b245 /security/integrity/evm/evm_main.c
parent: 064841ccfc49b2315dc0b797239862d3a343aa07 (diff)
parent: 85a7555575a0e48f9b73db310d0d762a08a46d63 (diff)
1 files changed, 9 insertions, 0 deletions
diff --git a/security/integrity/evm/evm_main.c b/security/integrity/evm/evm_main.c
index 0d36259b690d..76d19146d74b 100644
--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -59,6 +59,9 @@ static int __init evm_set_fixmode(char *str)
 {
 	if (strncmp(str, "fix", 3) == 0)
 		evm_fixmode = 1;
+	else
+		pr_err("invalid \"%s\" mode", str);
+
 	return 0;
 }
 __setup("evm=", evm_set_fixmode);
@@ -181,6 +184,12 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
 		break;
 	case EVM_IMA_XATTR_DIGSIG:
 	case EVM_XATTR_PORTABLE_DIGSIG:
+		/* accept xattr with non-empty signature field */
+		if (xattr_len <= sizeof(struct signature_v2_hdr)) {
+			evm_status = INTEGRITY_FAIL;
+			goto out;
+		}
+
 		hdr = (struct signature_v2_hdr *)xattr_data;
 		digest.hdr.algo = hdr->hash_algo;
 		rc = evm_calc_hash(dentry, xattr_name, xattr_value,
author	Mark Brown <broonie@kernel.org>	2020-12-11 17:47:55 +0000
committer	Mark Brown <broonie@kernel.org>	2020-12-11 17:47:55 +0000
commit	031616c434db05ce766f76c62865f55698e0924f (patch)
tree	7f29aa1ff3e7b51a8058cd570fb785c6e769b245 /security/integrity/evm/evm_main.c
parent	064841ccfc49b2315dc0b797239862d3a343aa07 (diff)
parent	85a7555575a0e48f9b73db310d0d762a08a46d63 (diff)