IMA: handle whitespace better
Eric Paris [Tue, 20 Apr 2010 14:21:18 +0000 (10:21 -0400)]
IMA parser will fail if whitespace is used in any way other than a single
space.  Using a tab or even using 2 spaces in a row will result in a policy
being rejected.  This patch makes the kernel ignore whitespace a bit better.

Signed-off-by: Eric Paris <eparis@redhat.com>
Acked-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: James Morris <jmorris@namei.org>

security/integrity/ima/ima_policy.c

index dee2dc0..1bc9e31 100644 (file)
@@ -265,15 +265,15 @@ static int ima_parse_rule(char *rule, struct ima_measure_rule_entry *entry)
 
        entry->uid = -1;
        entry->action = UNKNOWN;
-       while ((p = strsep(&rule, " ")) != NULL) {
+       while ((p = strsep(&rule, " \t")) != NULL) {
                substring_t args[MAX_OPT_ARGS];
                int token;
                unsigned long lnum;
 
                if (result < 0)
                        break;
-               if (!*p)
-                       break;
+               if ((*p == '\0') || (*p == ' ') || (*p == '\t'))
+                       continue;
                token = match_token(p, policy_tokens, args);
                switch (token) {
                case Opt_measure: