ima: no need to allocate entry for comment

If a rule is a comment, there is no need to allocate an entry.
Move the checking for comments before allocating the entry.

Signed-off-by: Dmitry Kasatkin <[email protected]>
Signed-off-by: Mimi Zohar <[email protected]>

Author: Dmitry Kasatkin

security/integrity/ima/ima_policy.c

@@ -694,6 +694,12 @@ ssize_t ima_parse_add_rule(char *rule)
 		return -EACCES;
 	}
 
+	p = strsep(&rule, "\n");
+	len = strlen(p) + 1;
+
+	if (*p == '#')
+		return len;
+
 	entry = kzalloc(sizeof(*entry), GFP_KERNEL);
 	if (!entry) {
 		integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
@@ -703,14 +709,6 @@ ssize_t ima_parse_add_rule(char *rule)
 
 	INIT_LIST_HEAD(&entry->list);
 
-	p = strsep(&rule, "\n");
-	len = strlen(p) + 1;
-
-	if (*p == '#') {
-		kfree(entry);
-		return len;
-	}
-
 	result = ima_parse_rule(p, entry);
 	if (result) {
 		kfree(entry);