ima: uncover hidden variable in ima_match_rules()

The variable name "prop" is inadvertently used twice in
ima_match_rules(), resulting in incorrect use of the local
variable when the function parameter should have been.
Rename the local variable and correct the use of the parameter.

Suggested-by: Roberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: Roberto Sassu <roberto.sassu@huawei.com>
[PM: subj tweak, Roberto's ACK]
Signed-off-by: Paul Moore <paul@paul-moore.com>

diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index dbfd554b4624e7fd231abc3b0c6c463a8ada23f3..21a8e54c383f08a9fc9e478f726cb9d1ab7f34a5 100644 (file)
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -635,7 +635,7 @@ static bool ima_match_rules(struct ima_rule_entry *rule,
                return false;
        for (i = 0; i < MAX_LSM_RULES; i++) {
                int rc = 0;
-               struct lsm_prop prop = { };
+               struct lsm_prop inode_prop = { };
 
                if (!lsm_rule->lsm[i].rule) {
                        if (!lsm_rule->lsm[i].args_p)
@@ -649,15 +649,16 @@ retry:
                case LSM_OBJ_USER:
                case LSM_OBJ_ROLE:
                case LSM_OBJ_TYPE:
-                       security_inode_getlsmprop(inode, &prop);
-                       rc = ima_filter_rule_match(&prop, lsm_rule->lsm[i].type,
+                       security_inode_getlsmprop(inode, &inode_prop);
+                       rc = ima_filter_rule_match(&inode_prop,
+                                                  lsm_rule->lsm[i].type,
                                                   Audit_equal,
                                                   lsm_rule->lsm[i].rule);
                        break;
                case LSM_SUBJ_USER:
                case LSM_SUBJ_ROLE:
                case LSM_SUBJ_TYPE:
-                       rc = ima_filter_rule_match(&prop, lsm_rule->lsm[i].type,
+                       rc = ima_filter_rule_match(prop, lsm_rule->lsm[i].type,
                                                   Audit_equal,
                                                   lsm_rule->lsm[i].rule);
                        break;