ima: Fix a potential integer overflow in ima_appraise_measurement

CKI Backport Bot · CKI Backport Bot · commit af6e0063a840 · 2025-02-26T11:32:10.000Z
JIRA: https://issues.redhat.com/browse/RHEL-80802 CVE: CVE-2022-49643 commit d2ee2cf Author: Huaxin Lu <luhuaxin1@huawei.com> Date: Tue Jul 5 13:14:17 2022 +0800 ima: Fix a potential integer overflow in ima_appraise_measurement When the ima-modsig is enabled, the rc passed to evm_verifyxattr() may be negative, which may cause the integer overflow problem. Fixes: 39b0709 ("ima: Implement support for module-style appended signatures") Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com> Signed-off-by: CKI Backport Bot <cki-ci-bot+cki-gitlab-backport-bot@redhat.com>
diff --git a/security/integrity/ima/ima_appraise.c b/security/integrity/ima/ima_appraise.c
@@ -408,7 +408,8 @@ int ima_appraise_measurement(enum ima_hooks func,
 		goto out;
 	}
 
-	status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint);
+	status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value,
+				 rc < 0 ? 0 : rc, iint);
 	switch (status) {
 	case INTEGRITY_PASS:
 	case INTEGRITY_PASS_IMMUTABLE:

Original file line number	Diff line number	Diff line change
`@@ -408,7 +408,8 @@ int ima_appraise_measurement(enum ima_hooks func,`
`408`	`408`	`goto out;`
`409`	`409`	`}`
`410`	`410`
`411`		`- status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value, rc, iint);`
	`411`	`+ status = evm_verifyxattr(dentry, XATTR_NAME_IMA, xattr_value,`
	`412`	`+ rc < 0 ? 0 : rc, iint);`
`412`	`413`	`switch (status) {`
`413`	`414`	`case INTEGRITY_PASS:`
`414`	`415`	`case INTEGRITY_PASS_IMMUTABLE:`