Skip to content

Commit

Permalink
evm: fix writing <securityfs>/evm overflow
Browse files Browse the repository at this point in the history 
[ Upstream commit 49219d9 ]

EVM_SETUP_COMPLETE is defined as 0x80000000, which is larger than INT_MAX.
The "-fno-strict-overflow" compiler option properly prevents signaling
EVM that the EVM policy setup is complete.  Define and read an unsigned
int.

Fixes: f00d797 ("EVM: Allow userspace to signal an RSA key has been loaded")
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
  • Loading branch information
@mimizohar @gregkh
mimizohar authored and gregkh committed Jul 14, 2021
1 parent 403577f commit 912d16a
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions security/integrity/evm/evm_secfs.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -66,12 +66,13 @@ static ssize_t evm_read_key(struct file *filp, char __user *buf,
static ssize_t evm_write_key(struct file *file, const char __user *buf,
size_t count, loff_t *ppos)
{
int i, ret;
unsigned int i;
int ret;

if (!capable(CAP_SYS_ADMIN) || (evm_initialized & EVM_SETUP_COMPLETE))
return -EPERM;

ret = kstrtoint_from_user(buf, count, 0, &i);
ret = kstrtouint_from_user(buf, count, 0, &i);

if (ret)
return ret;
Expand Down

0 comments on commit 912d16a

Please sign in to comment.