summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorRoberto Sassu <roberto.sassu@huawei.com>2020-06-05 08:50:28 +0200
committerMimi Zohar <zohar@linux.ibm.com>2020-06-05 06:04:11 -0400
commit42413b49804b250ced70dac8815388af2d4ad872 (patch)
tree3601d25bbbea1399bc3207955e9340bd49fd09fd /security
parent6cc7c266e5b47d3cd2b5bb7fd3aac4e6bb2dd1d2 (diff)
downloadlinux-stable-42413b49804b250ced70dac8815388af2d4ad872.tar.gz
linux-stable-42413b49804b250ced70dac8815388af2d4ad872.tar.bz2
linux-stable-42413b49804b250ced70dac8815388af2d4ad872.zip
ima: Directly free *entry in ima_alloc_init_template() if digests is NULL
To support multiple template digests, the static array entry->digest has been replaced with a dynamically allocated array in commit aa724fe18a8a ("ima: Switch to dynamically allocated buffer for template digests"). The array is allocated in ima_alloc_init_template() and if the returned pointer is NULL, ima_free_template_entry() is called. However, (*entry)->template_desc is not yet initialized while it is used by ima_free_template_entry(). This patch fixes the issue by directly freeing *entry without calling ima_free_template_entry(). Fixes: aa724fe18a8a ("ima: Switch to dynamically allocated buffer for template digests") Reported-by: syzbot+223310b454ba6b75974e@syzkaller.appspotmail.com Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security')
-rw-r--r--security/integrity/ima/ima_api.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 78e0b0a7723e..bf22de8b7ce0 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -55,8 +55,9 @@ int ima_alloc_init_template(struct ima_event_data *event_data,
digests = kcalloc(NR_BANKS(ima_tpm_chip) + ima_extra_slots,
sizeof(*digests), GFP_NOFS);
if (!digests) {
- result = -ENOMEM;
- goto out;
+ kfree(*entry);
+ *entry = NULL;
+ return -ENOMEM;
}
(*entry)->digests = digests;