ima: no need to allocate entry for comment

If a rule is a comment, there is no need to allocate an entry.
Move the checking for comments before allocating the entry.

Signed-off-by: Dmitry Kasatkin <d.kasatkin@samsung.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

1 files changed, 6 insertions, 8 deletions

diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index cdc620b2152f..bf232b98011e 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -694,6 +694,12 @@ ssize_t ima_parse_add_rule(char *rule)
                 return -EACCES;
         }
 
+        p = strsep(&rule, "\n");
+        len = strlen(p) + 1;
+
+        if (*p == '#')
+                return len;
+
         entry = kzalloc(sizeof(*entry), GFP_KERNEL);
         if (!entry) {
                 integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
@@ -703,14 +709,6 @@ ssize_t ima_parse_add_rule(char *rule)
 
         INIT_LIST_HEAD(&entry->list);
 
-        p = strsep(&rule, "\n");
-        len = strlen(p) + 1;
-
-        if (*p == '#') {
-                kfree(entry);
-                return len;
-        }
-
         result = ima_parse_rule(p, entry);
         if (result) {
                 kfree(entry);