On Mon, Nov 11, 2019 at 02:23:48PM -0500, Patrick Callaghan wrote:
> The integrity_kernel_read() call in ima_calc_file_hash_tfm() can return
> a value of 0 before all bytes of the file are read. A value of 0 would
> normally indicate an EOF. This has been observed if a user process is
> causing a file appraisal and is terminated with a SIGTERM signal. The
> most common occurrence of seeing the problem is if a shutdown or systemd
> reload is initiated while files are being appraised.
>
> The problem is similar to commit <f5e1040196db> (ima: always return
> negative code for error) that fixed the problem in
> ima_calc_file_hash_atfm().
>
> Suggested-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
> Signed-off-by: Patrick Callaghan <patrickc@xxxxxxxxxxxxx>
> ---
> security/integrity/ima/ima_crypto.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c
> index 73044fc..7967a69 100644
> --- a/security/integrity/ima/ima_crypto.c
> +++ b/security/integrity/ima/ima_crypto.c
> @@ -362,8 +362,10 @@ static int ima_calc_file_hash_tfm(struct file *file,
> rc = rbuf_len;
> break;
> }
> - if (rbuf_len == 0)
> + if (rbuf_len == 0) { /* unexpected EOF */
> + rc = -EINVAL;
> break;
> + }
There's no point in calling crypto_shash_final() on incomplete data, so
setting rc to an error to avoid that seems the right thing to do to me,
so:
Reviewed-by: Sascha Hauer <s.hauer@xxxxxxxxxxxxxx>
Sascha
--
Pengutronix e.K. | |
Steuerwalder Str. 21 | http://www.pengutronix.de/ |
31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
