
evm: prevent passing integrity check if xattr read fails

This patch fixes a bug where evm_verify_hmac() returns INTEGRITY_PASS
if inode->i_op->getxattr() returns an error in evm_find_protected_xattrs().

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Dmitry Kasatkin 11 years ago
parent
commit
1f1009791b
1 changed files with 4 additions and 3 deletions
  1. 4 3
      security/integrity/evm/evm_main.c

+ 4 - 3
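--- a/security/integrity/evm/evm_main.c
+++ b/security/integrity/evm/evm_main.c
@@ -126,14 +126,15 @@ static enum integrity_status evm_verify_hmac(struct dentry *dentry,
 	rc = vfs_getxattr_alloc(dentry, XATTR_NAME_EVM, (char **)&xattr_data, 0,
 				GFP_NOFS);
 	if (rc <= 0) {
-		if (rc == 0)
-			evm_status = INTEGRITY_FAIL; /* empty */
-		else if (rc == -ENODATA) {
+		evm_status = INTEGRITY_FAIL;
+		if (rc == -ENODATA) {
 			rc = evm_find_protected_xattrs(dentry);
 			if (rc > 0)
 				evm_status = INTEGRITY_NOLABEL;
 			else if (rc == 0)
 				evm_status = INTEGRITY_NOXATTRS; /* new file */
+		} else if (rc == -EOPNOTSUPP) {
+			evm_status = INTEGRITY_UNKNOWN;
 		}
 		goto out;
 	}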
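Review bot: The new default `evm_status = INTEGRITY_FAIL;` carries the whole fix but is undocumented, and the removed `/* empty */` comment was the only hint that rc == 0 means an empty security.evm value. I would add a comment above the assignment, e.g. `/* fail closed: an empty xattr (rc == 0) and any unhandled error, including a negative return from evm_find_protected_xattrs(), stay INTEGRITY_FAIL */`. The `-EOPNOTSUPP` branch is the one place that relaxes this default to `INTEGRITY_UNKNOWN`; how callers treat that status is not visible in the hunk, so it is worth confirming that none of them handles it like INTEGRITY_PASS. evm_verify_hmac() starts and ends outside the hunk.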