Commit 93dfedd1 authored by Roberto Sassu's avatar Roberto Sassu Committed by Yongqiang Liu
Browse files

ima: Don't ignore errors from crypto_shash_update() 

stable inclusion
from stable-v4.19.153
commit c470dc530c9ee6ef4b22fed19c77e20c745564e1
category: bugfix
bugzilla: 83782, https://gitee.com/openeuler/kernel/issues/I5047U


CVE: NA

-----------------------------------------------------------------

commit 60386b85 upstream.

Errors returned by crypto_shash_update() are not checked in
ima_calc_boot_aggregate_tfm() and thus can be overwritten at the next
iteration of the loop. This patch adds a check after calling
crypto_shash_update() and returns immediately if the result is not zero.

Cc: stable@vger.kernel.org
Fixes: 3323eec9 ("integrity: IMA as an integrity service provider")
Signed-off-by: default avatarRoberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Signed-off-by: default avatarWang Weiyang <wangweiyang2@huawei.com>
Reviewed-by: default avatarXiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: default avatarYongqiang Liu <liuyongqiang13@huawei.com>
parent 368d710d
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment