From patchwork Wed Jan 25 09:33:12 2017
X-Patchwork-Submitter: SF Markus Elfring
X-Patchwork-Id: 9536605
Subject: [PATCH 2/3] ima_fs: Reorder input parameter validation in ima_write_policy()
To: linux-ima-devel@lists.sourceforge.net, linux-ima-user@lists.sourceforge.net, linux-security-module@vger.kernel.org, Dmitry Kasatkin, James Morris, Mimi Zohar, "Serge E. Hallyn"
Cc: LKML, kernel-janitors@vger.kernel.org
From: SF Markus Elfring
Message-ID: <4f91be7b-a983-de6c-1f79-5266dcf5157e@users.sourceforge.net>
Date: Wed, 25 Jan 2017 10:33:12 +0100

From: Markus Elfring
Date: Tue, 24 Jan 2017 22:38:00 +0100

Move validation for the input parameter "ppos" to the beginning in this function so that a following check for the input parameter "datalen" can be occasionally avoided earlier.

Signed-off-by: Markus Elfring
---
 security/integrity/ima/ima_fs.c | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index c1c8d34d111d..98304411915d 100644
--- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -315,15 +315,14 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf, char *data; ssize_t result; - if (datalen >= PAGE_SIZE) - datalen = PAGE_SIZE - 1; - /* No partial writes. */ result = -EINVAL; if (*ppos != 0) goto reset_validity; result = -ENOMEM; + if (datalen >= PAGE_SIZE) + datalen = PAGE_SIZE - 1; data = kmalloc(datalen + 1, GFP_KERNEL); if (!data) goto reset_validity;
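Review bot: the relocated clamp now sits between "result = -ENOMEM;" and the "data = kmalloc(datalen + 1, GFP_KERNEL);" call that the assignment is there to label, so the error-code setup and the allocation it belongs to are no longer adjacent. Put the two added lines directly after the "*ppos != 0" check and above "result = -ENOMEM;", separated by a blank line, so each "result = ..." assignment stays immediately in front of the operation whose failure it reports. The bound that matters is preserved, since "datalen" is still limited to PAGE_SIZE - 1 before kmalloc() sizes the buffer; the only effect visible in this hunk is skipping one comparison on the -EINVAL path, and the commit message should state that the change is functionally neutral instead of "can be occasionally avoided earlier".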