ima: don't allocate a copy of template_fmt in template_desc_init_fields()

This patch removes the allocation of a copy of 'template_fmt', needed for
iterating over all fields in the passed template format string. The removal
was possible by replacing strcspn(), which modifies the passed string,
with strchrnul(). The currently processed template field is copied in
a temporary variable.

The purpose of this change is use template_desc_init_fields() in two ways:
for just validating a template format string (the function should work
if called by a setup function, when memory cannot be allocated), and for
actually initializing a template descriptor. The implementation of this
feature will be complete with the next patch.

Changelog:
 - v3:
   - added 'goto out' in template_desc_init_fields() to free allocated
     memory if a template field length is not valid (suggested by
     Mimi Zohar)

Signed-off-by: Roberto Sassu <[email protected]>
Signed-off-by: Mimi Zohar <[email protected]>

Author: Roberto Sassu

security/integrity/ima/ima_template.c

@@ -116,34 +116,39 @@ static int template_desc_init_fields(const char *template_fmt,
 				     struct ima_template_field ***fields,
 				     int *num_fields)
 {
-	char *c, *template_fmt_copy, *template_fmt_ptr;
+	const char *template_fmt_ptr;
 	int template_num_fields = template_fmt_size(template_fmt);
-	int i, result = 0;
+	int i, len, result = 0;
 
 	if (template_num_fields > IMA_TEMPLATE_NUM_FIELDS_MAX) {
 		pr_err("format string '%s' contains too many fields\n",
 		       template_fmt);
 		return -EINVAL;
 	}
 
-	/* copying is needed as strsep() modifies the original buffer */
-	template_fmt_copy = kstrdup(template_fmt, GFP_KERNEL);
-	if (template_fmt_copy == NULL)
-		return -ENOMEM;
-
 	*fields = kzalloc(template_num_fields * sizeof(*fields), GFP_KERNEL);
 	if (*fields == NULL) {
 		result = -ENOMEM;
 		goto out;
 	}
 
-	template_fmt_ptr = template_fmt_copy;
-	for (i = 0; (c = strsep(&template_fmt_ptr, "|")) != NULL &&
-	     i < template_num_fields; i++) {
-		struct ima_template_field *f = lookup_template_field(c);
+	for (i = 0, template_fmt_ptr = template_fmt; i < template_num_fields;
+	     i++, template_fmt_ptr += len + 1) {
+		char tmp_field_id[IMA_TEMPLATE_FIELD_ID_MAX_LEN + 1];
+		struct ima_template_field *f;
+
+		len = strchrnul(template_fmt_ptr, '|') - template_fmt_ptr;
+		if (len == 0 || len > IMA_TEMPLATE_FIELD_ID_MAX_LEN) {
+			pr_err("Invalid field with length %d\n", len);
+			result = -EINVAL;
+			goto out;
+		}
 
+		memcpy(tmp_field_id, template_fmt_ptr, len);
+		tmp_field_id[len] = '\0';
+		f = lookup_template_field(tmp_field_id);
 		if (!f) {
-			pr_err("field '%s' not found\n", c);
+			pr_err("field '%s' not found\n", tmp_field_id);
 			result = -ENOENT;
 			goto out;
 		}
@@ -155,7 +160,6 @@ static int template_desc_init_fields(const char *template_fmt,
 		kfree(*fields);
 		*fields = NULL;
 	}
-	kfree(template_fmt_copy);
 	return result;
 }