From patchwork Thu Mar 8 17:00:51 2018
X-Patchwork-Submitter: Tycho Andersen
X-Patchwork-Id: 10268513
From: Tycho Andersen
To: Mimi Zohar, Dmitry Kasatkin
Cc: linux-ima-devel@lists.sourceforge.net, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, Tycho Andersen
Subject: [PATCH] ima: drop vla in ima_audit_measurement()
Date: Thu, 8 Mar 2018 10:00:51 -0700
Message-Id: <20180308170051.30840-1-tycho@tycho.ws>

In keeping with the directive to get rid of VLAs [1], let's drop the VLA from ima_audit_measurement(). We need to adjust the return type of ima_audit_measurement, because now this function can fail if an allocation fails.

[1]: https://lkml.org/lkml/2018/3/7/621

Signed-off-by: Tycho Andersen
--- security/integrity/ima/ima.h | 4 ++-- security/integrity/ima/ima_api.c | 31 +++++++++++++++++++++++-------- security/integrity/ima/ima_main.c | 7 +++++-- 3 files changed, 30 insertions(+), 12 deletions(-) diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index d52b487ad259..8e2470f72f7f 100644 --- a/security/integrity/ima/ima.h 
+++ b/security/integrity/ima/ima.h @@ -201,8 +201,8 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file, const unsigned char *filename, struct evm_ima_xattr_data *xattr_value, int xattr_len, int pcr); -void ima_audit_measurement(struct integrity_iint_cache *iint, - const unsigned char *filename); +int ima_audit_measurement(struct integrity_iint_cache *iint, + const unsigned char *filename); int ima_alloc_init_template(struct ima_event_data *event_data, struct ima_template_entry **entry); int ima_store_template(struct ima_template_entry *entry, int violation, diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 08fe405338e1..008d3887ae00 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -304,17 +304,28 @@ void ima_store_measurement(struct integrity_iint_cache *iint, ima_free_template_entry(entry); } -void ima_audit_measurement(struct integrity_iint_cache *iint, - const unsigned char *filename) +int ima_audit_measurement(struct integrity_iint_cache *iint, + const unsigned char *filename) { struct audit_buffer *ab; - char hash[(iint->ima_hash->length * 2) + 1]; + char *hash, *algo_hash; const char *algo_name = hash_algo_name[iint->ima_hash->algo]; - char algo_hash[sizeof(hash) + strlen(algo_name) + 2]; - int i; + int i, hash_len, algo_hash_len; if (iint->flags & IMA_AUDITED) - return; + return 0; + + hash_len = (iint->ima_hash->length * 2) + 1; + hash = kzalloc(hash_len, GFP_KERNEL); + if (!hash) + return -ENOMEM; + + algo_hash_len = hash_len + strlen(algo_name) + 2; + algo_hash = kzalloc(algo_hash_len, GFP_KERNEL); + if (!algo_hash) { + kfree(hash); + return -ENOMEM; + } for (i = 0; i < iint->ima_hash->length; i++) hex_byte_pack(hash + (i * 2), iint->ima_hash->digest[i]); 
@@ -323,18 +334,22 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, ab = audit_log_start(current->audit_context, GFP_KERNEL, AUDIT_INTEGRITY_RULE); if (!ab) - return; + goto out; audit_log_format(ab, "file="); audit_log_untrustedstring(ab, filename); audit_log_format(ab, " hash="); - snprintf(algo_hash, sizeof(algo_hash), "%s:%s", algo_name, hash); + snprintf(algo_hash, algo_hash_len, "%s:%s", algo_name, hash); audit_log_untrustedstring(ab, algo_hash); audit_log_task_info(ab, current); audit_log_end(ab); iint->flags |= IMA_AUDITED; +out: + kfree(hash); + kfree(algo_hash); + return 0; } /* diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 2cfb0c714967..356faae6f09c 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -288,8 +288,11 @@ static int process_measurement(struct file *file, char *buf, loff_t size, xattr_value, xattr_len, opened); inode_unlock(inode); } - if (action & IMA_AUDIT) - ima_audit_measurement(iint, pathname); + if (action & IMA_AUDIT) { + rc = ima_audit_measurement(iint, pathname); + if (rc < 0) + goto out_locked; + } if ((file->f_flags & O_DIRECT) && (iint->flags & IMA_PERMIT_DIRECTIO)) rc = 0;
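
Review bot: In the ima_api.c hunk at -304,17, the second kzalloc() for algo_hash exists only to build the "algo:hash" string passed to audit_log_untrustedstring(), and it adds a second failure path that has to remember kfree(hash). One buffer of algo_hash_len bytes is enough: write algo_name and the ':' separator first, then hex_byte_pack() into the remainder. That leaves a single allocation, a single -ENOMEM return and a single kfree() at out.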
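
Review bot: In the ima_api.c hunk at -323,18, the `if (!ab) goto out;` path falls through to `return 0`, so a failed audit_log_start() is reported as success while a failed kzalloc() earlier in the same function returns -ENOMEM. The two failures should be treated consistently: either the audit record is best-effort, in which case the function can stay void and simply return early when the allocation fails, or both paths return an error. The changelog should state which failures the caller is expected to act on.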
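
Review bot: In the ima_main.c hunk, `rc = ima_audit_measurement(iint, pathname);` assigns rc unconditionally, so a successful audit (return 0) replaces whatever rc held from the steps above it, and the `rc = 0` under the O_DIRECT check just below suggests rc is meaningful at this point. The `goto out_locked` also means that failing to allocate an audit string now aborts process_measurement() and skips that O_DIRECT check. Use a separate local for the audit result, or assign rc only when the call fails, and say in the changelog that an audit allocation failure changes the outcome of process_measurement().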