diff options
Diffstat (limited to 'security/integrity/ima/ima_template.c')
| -rw-r--r-- | security/integrity/ima/ima_template.c | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c index 4e5da990630b..635695f6a185 100644 --- a/security/integrity/ima/ima_template.c +++ b/security/integrity/ima/ima_template.c | |||
| @@ -90,7 +90,7 @@ static struct ima_template_field *lookup_template_field(const char *field_id) | |||
| 90 | return NULL; | 90 | return NULL; |
| 91 | } | 91 | } |
| 92 | 92 | ||
| 93 | static int template_fmt_size(char *template_fmt) | 93 | static int template_fmt_size(const char *template_fmt) |
| 94 | { | 94 | { |
| 95 | char c; | 95 | char c; |
| 96 | int template_fmt_len = strlen(template_fmt); | 96 | int template_fmt_len = strlen(template_fmt); |
| @@ -106,22 +106,29 @@ static int template_fmt_size(char *template_fmt) | |||
| 106 | return j + 1; | 106 | return j + 1; |
| 107 | } | 107 | } |
| 108 | 108 | ||
| 109 | static int template_desc_init_fields(char *template_fmt, | 109 | static int template_desc_init_fields(const char *template_fmt, |
| 110 | struct ima_template_field ***fields, | 110 | struct ima_template_field ***fields, |
| 111 | int *num_fields) | 111 | int *num_fields) |
| 112 | { | 112 | { |
| 113 | char *c, *template_fmt_ptr = template_fmt; | 113 | char *c, *template_fmt_copy, *template_fmt_ptr; |
| 114 | int template_num_fields = template_fmt_size(template_fmt); | 114 | int template_num_fields = template_fmt_size(template_fmt); |
| 115 | int i, result = 0; | 115 | int i, result = 0; |
| 116 | 116 | ||
| 117 | if (template_num_fields > IMA_TEMPLATE_NUM_FIELDS_MAX) | 117 | if (template_num_fields > IMA_TEMPLATE_NUM_FIELDS_MAX) |
| 118 | return -EINVAL; | 118 | return -EINVAL; |
| 119 | 119 | ||
| 120 | /* copying is needed as strsep() modifies the original buffer */ | ||
| 121 | template_fmt_copy = kstrdup(template_fmt, GFP_KERNEL); | ||
| 122 | if (template_fmt_copy == NULL) | ||
| 123 | return -ENOMEM; | ||
| 124 | |||
| 120 | *fields = kzalloc(template_num_fields * sizeof(*fields), GFP_KERNEL); | 125 | *fields = kzalloc(template_num_fields * sizeof(*fields), GFP_KERNEL); |
| 121 | if (*fields == NULL) { | 126 | if (*fields == NULL) { |
| 122 | result = -ENOMEM; | 127 | result = -ENOMEM; |
| 123 | goto out; | 128 | goto out; |
| 124 | } | 129 | } |
| 130 | |||
| 131 | template_fmt_ptr = template_fmt_copy; | ||
| 125 | for (i = 0; (c = strsep(&template_fmt_ptr, "|")) != NULL && | 132 | for (i = 0; (c = strsep(&template_fmt_ptr, "|")) != NULL && |
| 126 | i < template_num_fields; i++) { | 133 | i < template_num_fields; i++) { |
| 127 | struct ima_template_field *f = lookup_template_field(c); | 134 | struct ima_template_field *f = lookup_template_field(c); |
| @@ -133,10 +140,12 @@ static int template_desc_init_fields(char *template_fmt, | |||
| 133 | (*fields)[i] = f; | 140 | (*fields)[i] = f; |
| 134 | } | 141 | } |
| 135 | *num_fields = i; | 142 | *num_fields = i; |
| 136 | return 0; | ||
| 137 | out: | 143 | out: |
| 138 | kfree(*fields); | 144 | if (result < 0) { |
| 139 | *fields = NULL; | 145 | kfree(*fields); |
| 146 | *fields = NULL; | ||
| 147 | } | ||
| 148 | kfree(template_fmt_copy); | ||
| 140 | return result; | 149 | return result; |
| 141 | } | 150 | } |
| 142 | 151 | ||