diff options
author | Eric Paris <eparis@redhat.com> | 2010-04-20 10:21:18 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-04-20 19:58:16 -0400 |
commit | 28ef4002ec7b4be27f1110b83e255df8159c786a (patch) | |
tree | e7b32aeb36ecf2d76235aa7d436a7578738a98cc | |
parent | e9d393bf8660fbbbe00617015224342bac3ea6fc (diff) |
IMA: handle whitespace better
IMA parser will fail if whitespace is used in any way other than a single
space. Using a tab or even using 2 spaces in a row will result in a policy
being rejected. This patch makes the kernel ignore whitespace a bit better.
Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | security/integrity/ima/ima_policy.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c index dee2dc062bc..1bc9e31ae25 100644 --- a/security/integrity/ima/ima_policy.c +++ b/security/integrity/ima/ima_policy.c | |||
@@ -265,15 +265,15 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry) | |||
265 | 265 | ||
266 | entry->uid = -1; | 266 | entry->uid = -1; |
267 | entry->action = UNKNOWN; | 267 | entry->action = UNKNOWN; |
268 | while ((p = strsep(&rule, " ")) != NULL) { | 268 | while ((p = strsep(&rule, " \t")) != NULL) { |
269 | substring_t args[MAX_OPT_ARGS]; | 269 | substring_t args[MAX_OPT_ARGS]; |
270 | int token; | 270 | int token; |
271 | unsigned long lnum; | 271 | unsigned long lnum; |
272 | 272 | ||
273 | if (result < 0) | 273 | if (result < 0) |
274 | break; | 274 | break; |
275 | if (!*p) | 275 | if ((*p == '\0') || (*p == ' ') || (*p == '\t')) |
276 | break; | 276 | continue; |
277 | token = match_token(p, policy_tokens, args); | 277 | token = match_token(p, policy_tokens, args); |
278 | switch (token) { | 278 | switch (token) { |
279 | case Opt_measure: | 279 | case Opt_measure: |