ima: use dynamically allocated hash storage
For each inode in the IMA policy, an iint is allocated. To support
larger hash digests, the iint digest size changed from 20 bytes to
the maximum supported hash digest size. Instead of allocating the
maximum size, which most likely is not needed, this patch dynamically
allocates the needed hash storage.
Changelog:
- fix krealloc bug
Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index e1865a6..116630c 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -45,10 +45,10 @@
static int ima_fix_xattr(struct dentry *dentry,
struct integrity_iint_cache *iint)
{
- iint->ima_hash.type = IMA_XATTR_DIGEST;
+ iint->ima_hash->type = IMA_XATTR_DIGEST;
return __vfs_setxattr_noperm(dentry, XATTR_NAME_IMA,
- &iint->ima_hash.type,
- 1 + iint->ima_hash.length, 0);
+ &iint->ima_hash->type,
+ 1 + iint->ima_hash->length, 0);
}
/* Return specific func appraised cached result */
@@ -186,13 +186,13 @@
status = INTEGRITY_FAIL;
break;
}
- if (xattr_len - 1 >= iint->ima_hash.length)
+ if (xattr_len - 1 >= iint->ima_hash->length)
/* xattr length may be longer. md5 hash in previous
version occupied 20 bytes in xattr, instead of 16
*/
rc = memcmp(xattr_value->digest,
- iint->ima_hash.digest,
- iint->ima_hash.length);
+ iint->ima_hash->digest,
+ iint->ima_hash->length);
else
rc = -EINVAL;
if (rc) {
@@ -206,8 +206,8 @@
iint->flags |= IMA_DIGSIG;
rc = integrity_digsig_verify(INTEGRITY_KEYRING_IMA,
(const char *)xattr_value, rc,
- iint->ima_hash.digest,
- iint->ima_hash.length);
+ iint->ima_hash->digest,
+ iint->ima_hash->length);
if (rc == -EOPNOTSUPP) {
status = INTEGRITY_UNKNOWN;
} else if (rc) {