git.kernel.dk Git - linux-2.6-block.git/commit

author	Mimi Zohar <zohar@linux.ibm.com>
	Mon, 24 Jan 2022 19:26:23 +0000 (14:26 -0500)
committer	Mimi Zohar <zohar@linux.ibm.com>
	Tue, 15 Feb 2022 16:52:06 +0000 (11:52 -0500)
commit	8c54135e2e6da677291012813a26a5f1b2c8a90a
tree	7310ad04d4a1c673c8fafa27d187b6ee89e9566b	tree \| snapshot
parent	aae6ccbd826d26730a6fd9bc01884f0a0a9cbb25	commit \| diff

ima: define ima_max_digest_data struct without a flexible array variable

To support larger hash digests in the 'iint' cache, instead of defining
the 'digest' field as the maximum digest size, the 'digest' field was
defined as a flexible array variable.  The "ima_digest_data" struct was
wrapped inside a local structure with the maximum digest size.  But
before adding the record to the iint cache, memory for the exact digest
size was dynamically allocated.

The original reason for defining the 'digest' field as a flexible array
variable is still valid for the 'iint' cache use case.  Instead of
wrapping the 'ima_digest_data' struct in a local structure define
'ima_max_digest_data' struct.

Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

security/integrity/ima/ima_api.c		diff \| blob \| blame \| history
security/integrity/ima/ima_init.c		diff \| blob \| blame \| history
security/integrity/ima/ima_main.c		diff \| blob \| blame \| history
security/integrity/ima/ima_template_lib.c		diff \| blob \| blame \| history
security/integrity/integrity.h		diff \| blob \| blame \| history