[PATCH 3/3] ima_fs: Move three error code assignments in ima_write_policy()

From: SF Markus Elfring
Date: Wed Jan 25 2017 - 04:34:59 EST


From: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 24 Jan 2017 22:47:07 +0100

A local variable was set to an error code in three cases before a concrete
error situation was detected. Thus move the corresponding assignments into
if branches to indicate a software failure there.

This issue was detected by using the Coccinelle software.

Signed-off-by: Markus Elfring <elfring@xxxxxxxxxxxxxxxxxxxxx>
---
security/integrity/ima/ima_fs.c | 15 +++++++++------
1 file changed, 9 insertions(+), 6 deletions(-)

diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index 98304411915d..a50c26f9772c 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -317,21 +317,24 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf,

/* No partial writes. */
result = -EINVAL;
- if (*ppos != 0)
+ if (*ppos != 0) {
+ result = -EINVAL;
goto reset_validity;
+ }

- result = -ENOMEM;
if (datalen >= PAGE_SIZE)
datalen = PAGE_SIZE - 1;
data = kmalloc(datalen + 1, GFP_KERNEL);
- if (!data)
+ if (!data) {
+ result = -ENOMEM;
goto reset_validity;
+ }

*(data + datalen) = '\0';
-
- result = -EFAULT;
- if (copy_from_user(data, buf, datalen))
+ if (copy_from_user(data, buf, datalen)) {
+ result = -EFAULT;
goto out_free;
+ }

result = mutex_lock_interruptible(&ima_write_mutex);
if (result < 0)
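
Review bot: The unconditional "result = -EINVAL;" under the "No partial writes" comment is still an unchanged context line at the top of this hunk, so the added "result = -EINVAL;" inside the "if (*ppos != 0)" branch duplicates it, and only the -ENOMEM and -EFAULT assignments have actually been moved, not the three the commit message describes. Remove the pre-check assignment in the same patch. In the visible lines every goto now sets its own error code, and result is overwritten by mutex_lock_interruptible() before it is read again, so nothing shown here depends on the preset value. The returned error codes are unchanged on all three paths, so this is a pure style change; saying so in the commit message would help reviewers of security/integrity code.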
--
2.11.0