[PATCH v5 6/6] module: Move duplicate mod_check_sig users code to mod_parse_sig
Luis Chamberlain
mcgrof at kernel.org
Tue Jan 25 20:27:13 UTC 2022
On Tue, Jan 11, 2022 at 12:37:48PM +0100, Michal Suchanek wrote:
> Multiple users of mod_check_sig check for the marker, then call
> mod_check_sig, extract signature length, and remove the signature.
>
> Put this code in one place together with mod_check_sig.
>
> This changes the error from ENOENT to ENODATA for ima_read_modsig in the
> case the signature marker is missing.
>
> This also changes the buffer length in ima_read_modsig from size_t to
> unsigned long. This reduces the possible value range on 32bit but the
> length refers to kernel in-memory buffer which cannot be longer than
> ULONG_MAX.
>
> Also change mod_check_sig to unsigned long while at it.
>
> Signed-off-by: Michal Suchanek <msuchanek at suse.de>
Reviewed-by: Luis Chamberlain <mcgrof at kernel.org>
Luis
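The sequence the commit message describes (check the marker, validate the trailer, extract the signature length, strip the signature) is shown below as a user-space sketch. It is an added example, not code from the patch. `parse_sig` and `demo` are hypothetical names; the trailer layout and the checks other than the ENODATA marker case follow the mainline kernel's module signature code rather than this message.

```c
#include <errno.h>
#include <stdint.h>
#include <string.h>
#define SIG_MARKER "~Module signature appended~\n"
#define MARKER_LEN (sizeof(SIG_MARKER) - 1)
#define PKEY_ID_PKCS7 2
/* Trailer layout from include/linux/module_signature.h; sig_len is big-endian. */
struct module_signature {
    uint8_t algo, hash, id_type, signer_len, key_id_len, pad[3], sig_len[4];
};
/* Hypothetical helper: on success *len shrinks to the payload length. */
int parse_sig(const uint8_t *buf, unsigned long *len,
              const uint8_t **sig, unsigned long *sig_len)
{
    struct module_signature ms;
    unsigned long n = *len, slen;
    if (n < MARKER_LEN || memcmp(buf + n - MARKER_LEN, SIG_MARKER, MARKER_LEN))
        return -ENODATA;              /* marker missing */
    n -= MARKER_LEN;
    if (n <= sizeof(ms))
        return -EBADMSG;              /* no room for the trailer */
    n -= sizeof(ms);
    memcpy(&ms, buf + n, sizeof(ms));
    slen = ((unsigned long)ms.sig_len[0] << 24) | (ms.sig_len[1] << 16) |
           (ms.sig_len[2] << 8) | ms.sig_len[3];
    if (slen >= n)
        return -EBADMSG;              /* claimed length exceeds the buffer */
    if (ms.id_type != PKEY_ID_PKCS7)
        return -ENOPKG;
    if (ms.algo || ms.hash || ms.signer_len || ms.key_id_len ||
        ms.pad[0] || ms.pad[1] || ms.pad[2])
        return -EBADMSG;              /* fields that must be zero for PKCS#7 */
    *len = n - slen;                  /* strip the signature from the payload */
    *sig = buf + *len;
    *sig_len = slen;
    return 0;
}

/* Constructed sample: payload, signature bytes, trailer, optional marker. */
long demo(unsigned long payload, unsigned long slen, uint32_t claimed, int marker)
{
    uint8_t buf[256] = {0}, *t = buf + payload + slen;  /* t: trailer start */
    const uint8_t *sig;
    unsigned long sl, len = payload + slen + sizeof(struct module_signature);
    int rc;
    t[2] = PKEY_ID_PKCS7; t[10] = (uint8_t)(claimed >> 8); t[11] = claimed & 0xff;
    if (marker) { memcpy(buf + len, SIG_MARKER, MARKER_LEN); len += MARKER_LEN; }
    rc = parse_sig(buf, &len, &sig, &sl);
    return rc ? rc : (long)len;       /* payload length left after stripping */
}
```

The length comparison runs before any subtraction from the buffer length, so a trailer that claims more signature bytes than the buffer holds is rejected instead of wrapping the unsigned length.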