diff options
| author | Mimi Zohar <zohar@linux.ibm.com> | 2022-06-30 11:23:38 -0400 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.ibm.com> | 2022-07-06 22:31:52 -0400 |
| commit | 9fab303a2cb3d323ca3a32a8b4ab60b451141901 (patch) | |
| tree | cbbdd930d8c4fa127f7a39fe5ae298f4a9b080dd /security | |
| parent | 51dd64bb99e4478fc5280171acd8e1b529eadaf7 (diff) | |
| download | linux-9fab303a2cb3d323ca3a32a8b4ab60b451141901.tar.gz | |
ima: fix violation measurement list record
Although the violation digest in the IMA measurement list is always
zeroes, the size of the digest should be based on the hash algorithm.
Until recently the hash algorithm was hard coded to sha1. Fix the
violation digest size included in the IMA measurement list.
This is just a cosmetic change which should not affect attestation.
Reported-by: Stefan Berger <stefanb@linux.ibm.com>
Fixes: 09091c44cb73 ("ima: use IMA default hash algorithm for integrity violations")
Tested-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security')
| -rw-r--r-- | security/integrity/ima/ima_template_lib.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/security/integrity/ima/ima_template_lib.c b/security/integrity/ima/ima_template_lib.c index c877f01a54713e..7bf9b150722023 100644 --- a/security/integrity/ima/ima_template_lib.c +++ b/security/integrity/ima/ima_template_lib.c @@ -323,10 +323,10 @@ static int ima_eventdigest_init_common(const u8 *digest, u32 digestsize, else /* * If digest is NULL, the event being recorded is a violation. - * Make room for the digest by increasing the offset of - * IMA_DIGEST_SIZE. + * Make room for the digest by increasing the offset by the + * hash algorithm digest size. */ - offset += IMA_DIGEST_SIZE; + offset += hash_digest_size[hash_algo]; return ima_write_template_field_data(buffer, offset + digestsize, fmt, field_data); |