From: Stephen Rothwell Date: Wed, 20 Feb 2013 03:21:40 +0000 (+1100) Subject: Merge remote-tracking branch 'security/next' X-Git-Tag: next-20130220~48 X-Git-Url: https://git.karo-electronics.de/?a=commitdiff_plain;h=57ddcad46d009245f2336c2446e9486e9e7d80b3;p=karo-tx-linux.git Merge remote-tracking branch 'security/next' Conflicts: lib/digsig.c security/integrity/ima/ima_main.c --- 57ddcad46d009245f2336c2446e9486e9e7d80b3 diff --cc lib/digsig.c index dc2be7ed1765,0103c5b9b802..2f31e6a45f0a --- a/lib/digsig.c +++ b/lib/digsig.c @@@ -162,13 -152,9 +152,11 @@@ static int digsig_verify_rsa(struct ke memset(out1, 0, head); memcpy(out1 + head, p, l); + kfree(p); + - err = pkcs_1_v1_5_decode_emsa(out1, len, mblen, out2, &len); - if (err) - goto err; + m = pkcs_1_v1_5_decode_emsa(out1, len, mblen, &len); - if (len != hlen || memcmp(out2, h, hlen)) + if (!m || len != hlen || memcmp(m, h, hlen)) err = -EINVAL; err: diff --cc security/integrity/ima/ima.h index 079a85dc37b2,6e69697fd530..a41c9c18e5e0 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@@ -139,10 -141,9 +141,10 @@@ void ima_delete_rules(void) /* Appraise integrity measurements */ #define IMA_APPRAISE_ENFORCE 0x01 #define IMA_APPRAISE_FIX 0x02 +#define IMA_APPRAISE_MODULES 0x04 #ifdef CONFIG_IMA_APPRAISE - int ima_appraise_measurement(struct integrity_iint_cache *iint, + int ima_appraise_measurement(int func, struct integrity_iint_cache *iint, struct file *file, const unsigned char *filename); int ima_must_appraise(struct inode *inode, int mask, enum ima_hooks func); void ima_update_xattr(struct integrity_iint_cache *iint, struct file *file); diff --cc security/integrity/ima/ima_main.c index dba965de90d3,3e751a9743a1..242bab80688a --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@@ -291,18 -282,10 +282,17 @@@ EXPORT_SYMBOL_GPL(ima_file_check) */ int ima_module_check(struct file *file) { - int rc = 0; - - if (!file) - return -EACCES; /* INTEGRITY_UNKNOWN */ + if 
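Review bot: In lib/digsig.c, the final comparison in digsig_verify_rsa only ever writes `err` on a mismatch, so the accept path returns whatever value `err` held from code above the hunk. The removed lines assigned `err` from the decode call immediately before the comparison, which made the result local to this spot. Setting it explicitly, e.g. `err = (!m || len != hlen || memcmp(m, h, hlen)) ? -EINVAL : 0;`, keeps the verification verdict independent of earlier state. The function starts and ends outside the hunk, so whether `err` is guaranteed to be 0 here cannot be confirmed from the visible lines.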
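Review bot: In security/integrity/ima/ima.h, the new first parameter of `ima_appraise_measurement` is declared as `int func`, while the `ima_must_appraise` prototype right after it takes `enum ima_hooks func` for what appears to be the same hook identifier. Declaring it as `enum ima_hooks func` would keep the two prototypes consistent and give the compiler a chance to flag a caller that passes an unrelated integer. The definition and its callers are outside this hunk and would need the same type.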
(!file) { - if (ima_appraise & IMA_APPRAISE_MODULES) { ++ if ((ima_appraise & IMA_APPRAISE_MODULES) && ++ (ima_appraise & IMA_APPRAISE_ENFORCE)) { +#ifndef CONFIG_MODULE_SIG_FORCE - rc = -EACCES; /* INTEGRITY_UNKNOWN */ ++ return -EACCES; /* INTEGRITY_UNKNOWN */ +#endif + } - } else - rc = process_measurement(file, file->f_dentry->d_name.name, - MAY_EXEC, MODULE_CHECK); - return (ima_appraise & IMA_APPRAISE_ENFORCE) ? rc : 0; ++ return 0; ++ } + return process_measurement(file, file->f_dentry->d_name.name, + MAY_EXEC, MODULE_CHECK); } static int __init init_ima(void)
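Review bot: With CONFIG_MODULE_SIG_FORCE defined, the `#ifndef` leaves the inner `if` in ima_module_check with an empty body, so a load with no backing file returns 0 even when both IMA_APPRAISE_MODULES and IMA_APPRAISE_ENFORCE are set. That looks intentional (presumably forced module signatures are relied on for that case), but nothing in the function says so. A comment above the `#ifndef`, such as `/* no file to appraise: deny unless forced module signatures already cover this load */`, would make the policy reviewable. Moving the `#ifndef`/`#endif` pair around the whole inner `if` would also avoid compiling an empty block. Separately, the measured path now returns the result of `process_measurement` without the old IMA_APPRAISE_ENFORCE mask, so it is worth confirming that function applies enforce mode itself.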