Commit c2e74688 authored by shenxiangwei's avatar shenxiangwei Committed by Zheng Zengkai
Browse files

ima: bugfix for digest lists importing 

hulk inclusion
category: bugfix
bugzilla: https://gitee.com/openeuler/kernel/issues/I4XHBM


CVE: NA

-------------

The check for control character shouldn't be added when import a
binary digest list.

Signed-off-by: default avatarshenxiangwei <shenxiangwei1@huawei.com>
Reviewed-by: default avatarLu Huaxin <luhuaxin1@huawei.com>
Reviewed-by: default avatarRoberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: default avatarZheng Zengkai <zhengzengkai@huawei.com>
parent d5872851

security/integrity/ima/ima_fs.c

+9 −7
Original line number Diff line number Diff line
@@ -389,19 +389,21 @@ static ssize_t ima_write_data(struct file *file, const char __user *buf, 
		goto out_free;



	data[datalen] = '\0';



	result = mutex_lock_interruptible(&ima_write_mutex);

	if (result < 0)

		goto out_free;



	if (data[0] == '/') {

		for (i = 0; data[i] != '\n' && data[i] != '\0'; i++) {

			if (iscntrl(data[i])) {

				pr_err_once("invalid path (control characters are not allowed)\n");

				result = -EINVAL;

				mutex_unlock(&ima_write_mutex);

				goto out_free;

			}

		}



	result = mutex_lock_interruptible(&ima_write_mutex);

	if (result < 0)

		goto out_free;



	if (data[0] == '/') {

		result = ima_read_file(data, dentry);

	} else if (dentry == ima_policy) {

		if (ima_appraise & IMA_APPRAISE_POLICY) {