Commit a65d9d1d authored by Casey Schaufler's avatar Casey Schaufler Committed by Paul Moore

ima: uncover hidden variable in ima_match_rules()



The variable name "prop" is inadvertently used twice in
ima_match_rules(), resulting in incorrect use of the local
variable when the function parameter should have been.
Rename the local variable and correct the use of the parameter.

Suggested-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Roberto Sassu <roberto.sassu@huawei.com>
[PM: subj tweak, Roberto's ACK]
Signed-off-by: Paul Moore <paul@paul-moore.com>
parent 8afd8c8f
+5 −4
@@ -635,7 +635,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
		return false;
	for (i = 0; i < MAX_LSM_RULES; i++) {
		int rc = 0;
		struct lsm_prop prop = { };
		struct lsm_prop inode_prop = { };

		if (!lsm_rule->lsm[i].rule) {
			if (!lsm_rule->lsm[i].args_p)
@@ -649,15 +649,16 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
		case LSM_OBJ_USER:
		case LSM_OBJ_ROLE:
		case LSM_OBJ_TYPE:
			security_inode_getlsmprop(inode, &prop);
			rc = ima_filter_rule_match(&prop, lsm_rule->lsm[i].type,
			security_inode_getlsmprop(inode, &inode_prop);
			rc = ima_filter_rule_match(&inode_prop,
						   lsm_rule->lsm[i].type,
						   Audit_equal,
						   lsm_rule->lsm[i].rule);
			break;
		case LSM_SUBJ_USER:
		case LSM_SUBJ_ROLE:
		case LSM_SUBJ_TYPE:
			rc = ima_filter_rule_match(&prop, lsm_rule->lsm[i].type,
			rc = ima_filter_rule_match(prop, lsm_rule->lsm[i].type,
						   Audit_equal,
						   lsm_rule->lsm[i].rule);
			break;
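Review bot: In the LSM_SUBJ_USER/ROLE/TYPE case, nothing in the code says that `prop` is the function parameter holding the subject's LSM properties, which is the distinction the shadowing local hid; a one-line comment above the call, such as `/* prop is the caller-supplied subject property, not the inode's */`, would make a regression easier to spot. The old lines show `&prop` resolving to the local declared as `struct lsm_prop prop = { };`, so subject rules appear to have been matched against a zero-initialised struct without any build error. Because `inode_prop` is only used in the LSM_OBJ_* case, declaring it in a braced block inside that case would keep it out of scope for the subject branch entirely. A build with `-Wshadow` (which I believe the kernel's `W=2` level enables) would flag this class of mistake at compile time. ima_match_rules() begins and ends outside the visible hunks, so whether `prop` can be NULL on any caller path cannot be confirmed from here.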