summaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorXiu Jianfeng <xiujianfeng@huawei.com>2022-10-21 17:36:02 +0800
committerJohn Johansen <john.johansen@canonical.com>2022-10-25 00:15:19 -0700
commit3265949f7cd36a724a35020202c618094be1cf28 (patch)
treef3c973e9357a5bcce469549689065b222e660275 /security
parent7dd426e33e2f9275ac03a306efdc89aa86515a52 (diff)
downloadlinux-stable-3265949f7cd36a724a35020202c618094be1cf28.tar.gz
linux-stable-3265949f7cd36a724a35020202c618094be1cf28.tar.bz2
linux-stable-3265949f7cd36a724a35020202c618094be1cf28.zip
apparmor: Fix memleak issue in unpack_profile()
Before aa_alloc_profile(), it has allocated string for @*ns_name if @tmpns is not NULL, so directly return -ENOMEM if aa_alloc_profile() failed will cause a memleak issue, and even if aa_alloc_profile() succeed, in the @fail_profile tag of aa_unpack(), it need to free @ns_name as well, this patch fixes them. Fixes: 736ec752d95e ("AppArmor: policy routines for loading and unpacking policy") Fixes: 04dc715e24d0 ("apparmor: audit policy ns specified in policy load") Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com> Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'security')
-rw-r--r--security/apparmor/policy_unpack.c15
1 files changed, 12 insertions, 3 deletions
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 2e028d540c6b..1bf8cfb8700a 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -858,8 +858,11 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
}
profile = aa_alloc_profile(name, NULL, GFP_KERNEL);
- if (!profile)
- return ERR_PTR(-ENOMEM);
+ if (!profile) {
+ info = "out of memory";
+ error = -ENOMEM;
+ goto fail;
+ }
rules = list_first_entry(&profile->rules, typeof(*rules), list);
/* profile renaming is optional */
@@ -1090,6 +1093,10 @@ fail:
if (error == 0)
/* default error covers most cases */
error = -EPROTO;
+ if (*ns_name) {
+ kfree(*ns_name);
+ *ns_name = NULL;
+ }
if (profile)
name = NULL;
else if (!name)
@@ -1392,6 +1399,7 @@ int aa_unpack(struct aa_loaddata *udata, struct list_head *lh,
{
struct aa_load_ent *tmp, *ent;
struct aa_profile *profile = NULL;
+ char *ns_name = NULL;
int error;
struct aa_ext e = {
.start = udata->data,
@@ -1401,7 +1409,6 @@ int aa_unpack(struct aa_loaddata *udata, struct list_head *lh,
*ns = NULL;
while (e.pos < e.end) {
- char *ns_name = NULL;
void *start;
error = verify_header(&e, e.pos == e.start, ns);
if (error)
@@ -1432,6 +1439,7 @@ int aa_unpack(struct aa_loaddata *udata, struct list_head *lh,
ent->new = profile;
ent->ns_name = ns_name;
+ ns_name = NULL;
list_add_tail(&ent->list, lh);
}
udata->abi = e.version & K_ABI_MASK;
@@ -1452,6 +1460,7 @@ int aa_unpack(struct aa_loaddata *udata, struct list_head *lh,
return 0;
fail_profile:
+ kfree(ns_name);
aa_put_profile(profile);
fail: