diff options
| author | Huaxin Lu <luhuaxin1@huawei.com> | 2022-11-03 00:09:49 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-01-07 11:11:52 +0100 |
| commit | 3ac71fd8ffa11b78f54200f3fd988f887c658ded (patch) | |
| tree | f9baff9c8a283f13be6a4daf774b05db1caf57cf /security | |
| parent | 9944a141e5eaaef6f2298cd3be1783b027b4a0dd (diff) | |
| download | linux-stable-3ac71fd8ffa11b78f54200f3fd988f887c658ded.tar.gz linux-stable-3ac71fd8ffa11b78f54200f3fd988f887c658ded.tar.bz2 linux-stable-3ac71fd8ffa11b78f54200f3fd988f887c658ded.zip | |
ima: Fix a potential NULL pointer access in ima_restore_measurement_list
commit 11220db412edae8dba58853238f53258268bdb88 upstream.
In restore_template_fmt, when kstrdup fails, a non-NULL value will still be
returned, which causes a NULL pointer access in template_desc_init_fields.
Fixes: c7d09367702e ("ima: support restoring multiple template formats")
Cc: stable@kernel.org
Co-developed-by: Jiaming Li <lijiaming30@huawei.com>
Signed-off-by: Jiaming Li <lijiaming30@huawei.com>
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/integrity/ima/ima_template.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c index 195ac18f0927..04c49f05cb74 100644 --- a/security/integrity/ima/ima_template.c +++ b/security/integrity/ima/ima_template.c @@ -340,8 +340,11 @@ static struct ima_template_desc *restore_template_fmt(char *template_name) template_desc->name = ""; template_desc->fmt = kstrdup(template_name, GFP_KERNEL); - if (!template_desc->fmt) + if (!template_desc->fmt) { + kfree(template_desc); + template_desc = NULL; goto out; + } spin_lock(&template_list); list_add_tail_rcu(&template_desc->list, &defined_templates); |