diff options
author | Roberto Sassu <roberto.sassu@polito.it> | 2013-11-27 14:40:41 +0100 |
---|---|---|
committer | James Morris <james.l.morris@oracle.com> | 2013-11-30 13:09:53 +1100 |
commit | af91706d5ddecb4a9858cca9e90d463037cfd498 (patch) | |
tree | 6deb94f92beb6a51eadad053ded7da136847062f /security/integrity/ima | |
parent | dc1ccc48159d63eca5089e507c82c7d22ef60839 (diff) |
ima: store address of template_fmt_copy in a pointer before calling strsep
This patch stores the address of the 'template_fmt_copy' variable in a new
variable, called 'template_fmt_ptr', so that the latter is passed as an
argument of strsep() instead of the former. This modification is needed
in order to correctly free the memory area referenced by
'template_fmt_copy' (strsep() modifies the pointer of the passed string).
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Reported-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
Diffstat (limited to 'security/integrity/ima')
-rw-r--r-- | security/integrity/ima/ima_template.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c index 913e1927f916..635695f6a185 100644 --- a/security/integrity/ima/ima_template.c +++ b/security/integrity/ima/ima_template.c @@ -110,7 +110,7 @@ static int template_desc_init_fields(const char *template_fmt, struct ima_template_field ***fields, int *num_fields) { - char *c, *template_fmt_copy; + char *c, *template_fmt_copy, *template_fmt_ptr; int template_num_fields = template_fmt_size(template_fmt); int i, result = 0; @@ -127,7 +127,9 @@ static int template_desc_init_fields(const char *template_fmt, result = -ENOMEM; goto out; } - for (i = 0; (c = strsep(&template_fmt_copy, "|")) != NULL && + + template_fmt_ptr = template_fmt_copy; + for (i = 0; (c = strsep(&template_fmt_ptr, "|")) != NULL && i < template_num_fields; i++) { struct ima_template_field *f = lookup_template_field(c); |