diff options
| author | Mimi Zohar <zohar@linux.ibm.com> | 2022-01-24 22:26:23 +0300 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2022-02-15 19:52:06 +0300 |
| commit | 8c54135e2e6da677291012813a26a5f1b2c8a90a (patch) | |
| tree | 7310ad04d4a1c673c8fafa27d187b6ee89e9566b /security/integrity/ima/ima_main.c | |
| parent | aae6ccbd826d26730a6fd9bc01884f0a0a9cbb25 (diff) | |
| download | linux-8c54135e2e6da677291012813a26a5f1b2c8a90a.tar.xz | |
ima: define ima_max_digest_data struct without a flexible array variable
To support larger hash digests in the 'iint' cache, instead of defining
the 'digest' field as the maximum digest size, the 'digest' field was
defined as a flexible array variable. The "ima_digest_data" struct was
wrapped inside a local structure with the maximum digest size. But
before adding the record to the iint cache, memory for the exact digest
size was dynamically allocated.
The original reason for defining the 'digest' field as a flexible array
variable is still valid for the 'iint' cache use case. Instead of
wrapping the 'ima_digest_data' struct in a local structure define
'ima_max_digest_data' struct.
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security/integrity/ima/ima_main.c')
| -rw-r--r-- | security/integrity/ima/ima_main.c | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 7c80dfe2c7a5..c6412dec3810 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -874,10 +874,7 @@ int process_buffer_measurement(struct user_namespace *mnt_userns, .buf = buf, .buf_len = size}; struct ima_template_desc *template; - struct { - struct ima_digest_data hdr; - char digest[IMA_MAX_DIGEST_SIZE]; - } hash = {}; + struct ima_max_digest_data hash; char digest_hash[IMA_MAX_DIGEST_SIZE]; int digest_hash_len = hash_digest_size[ima_hash_algo]; int violation = 0; |