From 3e8e5503a33577d89bdb7469b851b11f507bbed6 Mon Sep 17 00:00:00 2001 From: Roberto Sassu Date: Fri, 8 Nov 2013 19:21:40 +0100 Subject: ima: do not send field length to userspace for digest of ima template This patch defines a new value for the 'ima_show_type' enumerator (IMA_SHOW_BINARY_NO_FIELD_LEN) to prevent that the field length is transmitted through the 'binary_runtime_measurements' interface for the digest field of the 'ima' template. Fixes commit: 3ce1217 ima: define template fields library and new helpers Signed-off-by: Roberto Sassu Signed-off-by: Mimi Zohar --- security/integrity/ima/ima_template_lib.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'security/integrity/ima/ima_template_lib.c') diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c index 6d66ad6ed265..c38adcc910fb 100644 --- a/security/integrity/ima/ima_template_lib.c +++ b/security/integrity/ima/ima_template_lib.c @@ -109,9 +109,12 @@ static void ima_show_template_data_binary(struct seq_file *m, enum data_formats datafmt, struct ima_field_data *field_data) { - ima_putc(m, &field_data->len, sizeof(u32)); + if (show != IMA_SHOW_BINARY_NO_FIELD_LEN) + ima_putc(m, &field_data->len, sizeof(u32)); + if (!field_data->len) return; + ima_putc(m, field_data->data, field_data->len); } @@ -125,6 +128,7 @@ static void ima_show_template_field_data(struct seq_file *m, ima_show_template_data_ascii(m, show, datafmt, field_data); break; case IMA_SHOW_BINARY: + case IMA_SHOW_BINARY_NO_FIELD_LEN: ima_show_template_data_binary(m, show, datafmt, field_data); break; default: -- cgit v1.2.3