summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--security/integrity/ima/ima_appraise.c2
-rw-r--r--security/integrity/integrity.h1
2 files changed, 3 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
index bd8cef5b67e4..85b147eddcf5 100644
--- a/security/integrity/ima/ima_appraise.c
+++ b/security/integrity/ima/ima_appraise.c
@@ -370,6 +370,8 @@ int ima_inode_setxattr(struct dentry *dentry, const char *xattr_name,
result = ima_protect_xattr(dentry, xattr_name, xattr_value,
xattr_value_len);
if (result == 1) {
+ if (!xattr_value_len || (xvalue->type >= IMA_XATTR_LAST))
+ return -EINVAL;
ima_reset_appraise_flags(dentry->d_inode,
(xvalue->type == EVM_IMA_XATTR_DIGSIG) ? 1 : 0);
result = 0;
diff --git a/security/integrity/integrity.h b/security/integrity/integrity.h
index 2f8715d77a5a..6a3d6aa14c09 100644
--- a/security/integrity/integrity.h
+++ b/security/integrity/integrity.h
@@ -57,6 +57,7 @@ enum evm_ima_xattr_type {
EVM_XATTR_HMAC,
EVM_IMA_XATTR_DIGSIG,
IMA_XATTR_DIGEST_NG,
+ IMA_XATTR_LAST
};
struct evm_ima_xattr_data {
generated by cgit v1.2.3 (git 2.39.0) at 2025-01-11 13:45:23 +0300