From patchwork Thu Mar 8 17:14:56 2018
X-Patchwork-Submitter: Tycho Andersen
X-Patchwork-Id: 10268521
From: Tycho Andersen
To: Mimi Zohar, Dmitry Kasatkin
Cc: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org,
 kernel-hardening@lists.openwall.com, Tycho Andersen
Subject: [PATCH] ima: drop vla in ima_audit_measurement()
Date: Thu, 8 Mar 2018 10:14:56 -0700
Message-Id: <20180308171456.2597-1-tycho@tycho.ws>

In keeping with the directive to get rid of VLAs [1], let's drop the VLA
from ima_audit_measurement(). We need to adjust the return type of
ima_audit_measurement, because now this function can fail if an allocation
fails.

[1]: https://lkml.org/lkml/2018/3/7/621

Signed-off-by: Tycho Andersen
---
 security/integrity/ima/ima.h      |  4 ++--
 security/integrity/ima/ima_api.c  | 31 +++++++++++++++++++++++--------
 security/integrity/ima/ima_main.c |  7 +++++--
 3 files changed, 30 insertions(+), 12 deletions(-)

diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index d52b487ad259..8e2470f72f7f 100644 --- a/security/integrity/ima/ima.h 
+++ b/security/integrity/ima/ima.h @@ -201,8 +201,8 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file, const unsigned char *filename, struct evm_ima_xattr_data *xattr_value, int xattr_len, int pcr); -void ima_audit_measurement(struct integrity_iint_cache *iint, - const unsigned char *filename); +int ima_audit_measurement(struct integrity_iint_cache *iint, + const unsigned char *filename); int ima_alloc_init_template(struct ima_event_data *event_data, struct ima_template_entry **entry); int ima_store_template(struct ima_template_entry *entry, int violation, diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 08fe405338e1..008d3887ae00 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -304,17 +304,28 @@ void ima_store_measurement(struct integrity_iint_cache *iint, ima_free_template_entry(entry); } -void ima_audit_measurement(struct integrity_iint_cache *iint, - const unsigned char *filename) +int ima_audit_measurement(struct integrity_iint_cache *iint, + const unsigned char *filename) { struct audit_buffer *ab; - char hash[(iint->ima_hash->length * 2) + 1]; + char *hash, *algo_hash; const char *algo_name = hash_algo_name[iint->ima_hash->algo]; - char algo_hash[sizeof(hash) + strlen(algo_name) + 2]; - int i; + int i, hash_len, algo_hash_len; if (iint->flags & IMA_AUDITED) - return; + return 0; + + hash_len = (iint->ima_hash->length * 2) + 1; + hash = kzalloc(hash_len, GFP_KERNEL); + if (!hash) + return -ENOMEM; + + algo_hash_len = hash_len + strlen(algo_name) + 2; + algo_hash = kzalloc(algo_hash_len, GFP_KERNEL); + if (!algo_hash) { + kfree(hash); + return -ENOMEM; + } for (i = 0; i < iint->ima_hash->length; i++) hex_byte_pack(hash + (i * 2), iint->ima_hash->digest[i]); 
@@ -323,18 +334,22 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, ab = audit_log_start(current->audit_context, GFP_KERNEL, AUDIT_INTEGRITY_RULE); if (!ab) - return; + goto out; audit_log_format(ab, "file="); audit_log_untrustedstring(ab, filename); audit_log_format(ab, " hash="); - snprintf(algo_hash, sizeof(algo_hash), "%s:%s", algo_name, hash); + snprintf(algo_hash, algo_hash_len, "%s:%s", algo_name, hash); audit_log_untrustedstring(ab, algo_hash); audit_log_task_info(ab, current); audit_log_end(ab); iint->flags |= IMA_AUDITED; +out: + kfree(hash); + kfree(algo_hash); + return 0; } /* diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 2cfb0c714967..356faae6f09c 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -288,8 +288,11 @@ static int process_measurement(struct file *file, char *buf, loff_t size, xattr_value, xattr_len, opened); inode_unlock(inode); } - if (action & IMA_AUDIT) - ima_audit_measurement(iint, pathname); + if (action & IMA_AUDIT) { + rc = ima_audit_measurement(iint, pathname); + if (rc < 0) + goto out_locked; + } if ((file->f_flags & O_DIRECT) && (iint->flags & IMA_PERMIT_DIRECTIO)) rc = 0;
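Review bot: in the first ima_api.c hunk (@@ -304,17 +304,28 @@), hash_len and algo_hash_len are declared int although they hold a size built from strlen() and are passed to kzalloc() and snprintf(), which take size_t; declare them size_t. The two kzalloc() calls also create two failure paths for what is one string: a single allocation of algo_hash_len bytes, with the algorithm name and ':' written first and the hex digits packed directly after them, would drop the intermediate hash buffer and the kfree(hash) unwind in the second error branch.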
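Review bot: in the second ima_api.c hunk (@@ -323,18 +334,22 @@), the new return value is inconsistent: when audit_log_start() returns NULL the code does goto out and falls into return 0, while a failed kzalloc() earlier in the same function returns -ENOMEM. A caller therefore sees success even though no record was written and IMA_AUDITED was not set. Either carry a result variable through the out: label so both failures are reported the same way, or keep the function void and treat every failure here as best-effort, which would also make the signature change in ima.h unnecessary.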
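Review bot: in the ima_main.c hunk (@@ -288,8 +288,11 @@), rc = ima_audit_measurement(iint, pathname) assigns rc unconditionally, so on success it overwrites rc with 0. The unchanged lines that follow only reset rc to 0 for the O_DIRECT / IMA_PERMIT_DIRECTIO case, which indicates rc is expected to still carry an earlier result at this point; with IMA_AUDIT set that result is now lost. Store the audit result in a separate local, or assign rc only when the call fails. Also note that goto out_locked turns a failed allocation for an audit record into a failure of process_measurement() itself, which the previous void call never did; the commit message should say whether that behaviour change is intended.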