On Tue, Jan 11, 2022 at 12:37:48PM +0100, Michal Suchanek wrote: > Multiple users of mod_check_sig check for the marker, then call > mod_check_sig, extract signature length, and remove the signature. > > Put this code in one place together with mod_check_sig. > > This changes the error from ENOENT to ENODATA for ima_read_modsig in the > case the signature marker is missing. > > This also changes the buffer length in ima_read_modsig from size_t to > unsigned long. This reduces the possible value range on 32bit but the > length refers to kernel in-memory buffer which cannot be longer than > ULONG_MAX. > > Also change mod_check_sig to unsigned long while at it. > > Signed-off-by: Michal Suchanek <msuchanek@xxxxxxx> Reviewed-by: Luis Chamberlain <mcgrof@xxxxxxxxxx> Luis
