[PATCH v4 openEuler-23.09 46/46] ima: bugfix for digest lists importing

From: shenxiangwei <shenxiangwei1@huawei.com> euleros inclusion category: feature bugzilla: https://gitee.com/openeuler/kernel/issues/I7QZ2M CVE: NA ------------------------------------------------- The check for control character shouldn't be added when import a binary digest list. Signed-off-by: shenxiangwei <shenxiangwei1@huawei.com> Reviewed-by: Lu Huaxin <luhuaxin1@huawei.com> Reviewed-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Zheng Zengkai <zhengzengkai@huawei.com> Signed-off-by: zhoushuiqing <zhoushuiqing2@huawei.com> --- security/integrity/ima/ima_fs.c | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c index 237628466..69ebf0e1b 100644 --- a/security/integrity/ima/ima_fs.c +++ b/security/integrity/ima/ima_fs.c @@ -456,14 +456,6 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf, goto out_free; data[datalen] = '\0'; - - for (i = 0; data[i] != '\n' && data[i] != '\0'; i++) { - if (iscntrl(data[i])) { - pr_err_once("invalid path (control characters are not allowed)\n"); - result = -EINVAL; - goto out_free; - } - } #else data = memdup_user_nul(buf, datalen); if (IS_ERR(data)) { @@ -477,6 +469,15 @@ static ssize_t ima_write_policy(struct file *file, const char __user *buf, goto out_free; if (data[0] == '/') { + for (i = 0; data[i] != '\n' && data[i] != '\0'; i++) { + if (iscntrl(data[i])) { + pr_err_once("invalid path (control characters are not allowed)\n"); + result = -EINVAL; + mutex_unlock(&ima_write_mutex); + goto out_free; + } + } + #ifdef CONFIG_IMA_DIGEST_LIST result = ima_read_file(data, dentry); } else if (dentry == ima_policy) { -- 2.33.0