[PATCH 08/12] ima: added parser for RPM data type
kbuild test robot
lkp at intel.com
Thu Jul 27 05:03:29 UTC 2017
Hi Roberto,
[auto build test WARNING on integrity/next]
[also build test WARNING on v4.13-rc2 next-20170726]
[if your patch is applied to the wrong git tree, please drop us a note to help improve the system]
url: https://github.com/0day-ci/linux/commits/Roberto-Sassu/ima-measure-digest-lists-instead-of-individual-files/20170727-123131
base: https://git.kernel.org/pub/scm/linux/kernel/git/zohar/linux-integrity.git next
config: xtensa-allyesconfig (attached as .config)
compiler: xtensa-linux-gcc (GCC) 4.9.0
reproduce:
wget https://raw.githubusercontent.com/01org/lkp-tests/master/sbin/make.cross -O ~/bin/make.cross
chmod +x ~/bin/make.cross
# save the attached .config to linux build tree
make.cross ARCH=xtensa
All warnings (new ones prefixed by >>):
security/integrity/ima/ima_digest_list.c: In function 'ima_parse_rpm':
>> security/integrity/ima/ima_digest_list.c:147:4: warning: ignoring return value of 'hex2bin', declared with attribute warn_unused_result [-Wunused-result]
hex2bin(digest, datap, digest_len);
^
vim +/hex2bin +147 security/integrity/ima/ima_digest_list.c
98
99 static int ima_parse_rpm(loff_t size, void *buf)
100 {
101 void *bufp = buf, *bufendp = buf + size;
102 struct rpm_hdr *hdr = bufp;
103 u32 tags = be32_to_cpu(hdr->tags);
104 struct rpm_entryinfo *entry;
105 void *datap = bufp + sizeof(*hdr) + tags * sizeof(struct rpm_entryinfo);
106 int digest_len = hash_digest_size[ima_hash_algo];
107 u8 digest[digest_len];
108 int ret, i, j;
109
110 const unsigned char rpm_header_magic[8] = {
111 0x8e, 0xad, 0xe8, 0x01, 0x00, 0x00, 0x00, 0x00
112 };
113
114 if (size < sizeof(*hdr)) {
115 pr_err("Missing RPM header\n");
116 return -EINVAL;
117 }
118
119 if (memcmp(bufp, rpm_header_magic, sizeof(rpm_header_magic))) {
120 pr_err("Invalid RPM header\n");
121 return -EINVAL;
122 }
123
124 bufp += sizeof(*hdr);
125
126 for (i = 0; i < tags && (bufp + sizeof(*entry)) <= bufendp;
127 i++, bufp += sizeof(*entry)) {
128 entry = bufp;
129
130 if (be32_to_cpu(entry->tag) != RPMTAG_FILEDIGESTS)
131 continue;
132
133 datap += be32_to_cpu(entry->offset);
134
135 for (j = 0; j < be32_to_cpu(entry->count) &&
136 datap < bufendp; j++) {
137 if (strlen(datap) == 0) {
138 datap++;
139 continue;
140 }
141
142 if (datap + digest_len * 2 + 1 > bufendp) {
143 pr_err("RPM header read at invalid offset\n");
144 return -EINVAL;
145 }
146
> 147 hex2bin(digest, datap, digest_len);
148
149 ret = ima_add_digest_data_entry(digest);
150 if (ret < 0 && ret != -EEXIST)
151 return ret;
152
153 datap += digest_len * 2 + 1;
154 }
155
156 break;
157 }
158
159 return 0;
160 }
161
---
0-DAY kernel test infrastructure Open Source Technology Center
https://lists.01.org/pipermail/kbuild-all Intel Corporation
More information about the Linux-security-module-archive
mailing list