From: Tycho Andersen
To: Mimi Zohar, Dmitry Kasatkin
Cc: linux-integrity@vger.kernel.org, linux-kernel@vger.kernel.org, kernel-hardening@lists.openwall.com, Tycho Andersen
Subject: [PATCH v2] ima: drop vla in ima_audit_measurement()
Date: Thu, 8 Mar 2018 13:23:47 -0700
Message-Id: <20180308202347.31331-1-tycho@tycho.ws>
X-Patchwork-Submitter: Tycho Andersen
X-Patchwork-Id: 10269193

In keeping with the directive to get rid of VLAs [1], let's drop the VLA from
ima_audit_measurement(). We need to adjust the return type of
ima_audit_measurement, because now this function can fail if an allocation
fails.

[1]: https://lkml.org/lkml/2018/3/7/621

v2: just use audit_log_format instead of doing a second allocation

Signed-off-by: Tycho Andersen
---
 security/integrity/ima/ima.h      |  4 ++--
 security/integrity/ima/ima_api.c  | 22 +++++++++++++---------
 security/integrity/ima/ima_main.c |  7 +++++--
 3 files changed, 20 insertions(+), 13 deletions(-)
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h index d52b487ad259..8e2470f72f7f 100644 --- a/security/integrity/ima/ima.h +++ b/security/integrity/ima/ima.h @@ -201,8 +201,8 @@ void ima_store_measurement(struct integrity_iint_cache *iint, struct file *file, const unsigned char *filename, struct evm_ima_xattr_data *xattr_value, int xattr_len, int pcr); -void ima_audit_measurement(struct integrity_iint_cache *iint, - const unsigned char *filename); +int ima_audit_measurement(struct integrity_iint_cache *iint, + const unsigned char *filename); int ima_alloc_init_template(struct ima_event_data *event_data, struct ima_template_entry **entry); int ima_store_template(struct ima_template_entry *entry, int violation, diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index 08fe405338e1..3a4442405cc8 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -304,17 +304,20 @@ void ima_store_measurement(struct integrity_iint_cache *iint, ima_free_template_entry(entry); } -void ima_audit_measurement(struct integrity_iint_cache *iint, - const unsigned char *filename) +int ima_audit_measurement(struct integrity_iint_cache *iint, + const unsigned char *filename) { struct audit_buffer *ab; - char hash[(iint->ima_hash->length * 2) + 1]; + char *hash; const char *algo_name = hash_algo_name[iint->ima_hash->algo]; - char algo_hash[sizeof(hash) + strlen(algo_name) + 2]; int i; if (iint->flags & IMA_AUDITED) - return; + return 0; + + hash = kzalloc((iint->ima_hash->length * 2) + 1, GFP_KERNEL); + if (!hash) + return -ENOMEM; for (i = 0; i < iint->ima_hash->length; i++) hex_byte_pack(hash + (i * 2), iint->ima_hash->digest[i]); 
@@ -323,18 +326,19 @@ void ima_audit_measurement(struct integrity_iint_cache *iint, ab = audit_log_start(current->audit_context, GFP_KERNEL, AUDIT_INTEGRITY_RULE); if (!ab) - return; + goto out; audit_log_format(ab, "file="); audit_log_untrustedstring(ab, filename); - audit_log_format(ab, " hash="); - snprintf(algo_hash, sizeof(algo_hash), "%s:%s", algo_name, hash); - audit_log_untrustedstring(ab, algo_hash); + audit_log_format(ab, " hash=\"%s:%s\"", algo_name, hash); audit_log_task_info(ab, current); audit_log_end(ab); iint->flags |= IMA_AUDITED; +out: + kfree(hash); + return 0; } /* diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 2cfb0c714967..356faae6f09c 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -288,8 +288,11 @@ static int process_measurement(struct file *file, char *buf, loff_t size, xattr_value, xattr_len, opened); inode_unlock(inode); } - if (action & IMA_AUDIT) - ima_audit_measurement(iint, pathname); + if (action & IMA_AUDIT) { + rc = ima_audit_measurement(iint, pathname); + if (rc < 0) + goto out_locked; + } if ((file->f_flags & O_DIRECT) && (iint->flags & IMA_PERMIT_DIRECTIO)) rc = 0;
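Review bot: in the first security/integrity/ima/ima_api.c hunk, the new kzalloc() in ima_audit_measurement() gives audit logging an -ENOMEM failure path that the VLA version did not have. If iint->ima_hash->length has a small compile-time upper bound, a fixed-size stack buffer of twice that bound plus one would drop the VLA without an allocation and without changing the return type. If the allocation stays, a short comment that the "+ 1" is the terminating NUL, which kzalloc() already zero-fills, would make the sizing obvious.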
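Review bot: in the second security/integrity/ima/ima_api.c hunk, the "goto out" taken when audit_log_start() returns NULL ends in "return 0", so the caller cannot tell a dropped audit record from a logged one, while the allocation failure earlier in the same function is reported as -ENOMEM. Either return an error on this path too or document that only allocation failure is reported. Separately, hash= now goes through audit_log_format() with literal quotes instead of audit_log_untrustedstring(); that is safe only because hash is filled by hex_byte_pack() and algo_name comes from hash_algo_name[], and a one-line comment saying so would keep a later change from passing unescaped data into that format string.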
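Review bot: in the security/integrity/ima/ima_main.c hunk, "rc = ima_audit_measurement(iint, pathname);" assigns unconditionally, so if rc already carries the result of the preceding call (its assignment is outside the visible context), a successful audit overwrites that result with 0. Use a separate local for the audit return value, or only assign rc when the call fails. The "goto out_locked" also turns a failed audit allocation into a failure of process_measurement(); the commit message should say whether that change for callers is intended.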