ima: store address of template_fmt_copy in a pointer before calling strsep

This patch stores the address of the 'template_fmt_copy' variable in a new
variable, called 'template_fmt_ptr', so that the latter is passed as an
argument of strsep() instead of the former. This modification is needed
in order to correctly free the memory area referenced by
'template_fmt_copy' (strsep() modifies the pointer of the passed string).

Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Reported-by: Sebastian Ott <sebott@linux.vnet.ibm.com>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>

diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c
index 913e1927f916fccdfc7b0991d0f5795888291bbf..635695f6a185a1d24ee3d1bfb05d4f7ebe8cedb0 100644 (file)
--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -110,7 +110,7 @@ static int template_desc_init_fields(const char *template_fmt,
                                     struct ima_template_field ***fields,
                                     int *num_fields)
 {
-       char *c, *template_fmt_copy;
+       char *c, *template_fmt_copy, *template_fmt_ptr;
        int template_num_fields = template_fmt_size(template_fmt);
        int i, result = 0;
 
@@ -127,7 +127,9 @@ static int template_desc_init_fields(const char *template_fmt,
                result = -ENOMEM;
                goto out;
        }
-       for (i = 0; (c = strsep(&template_fmt_copy, "|")) != NULL &&
+
+       template_fmt_ptr = template_fmt_copy;
+       for (i = 0; (c = strsep(&template_fmt_ptr, "|")) != NULL &&
             i < template_num_fields; i++) {
                struct ima_template_field *f = lookup_template_field(c);