audit: catch possible NULL audit buffers

It's possible for audit_log_start() to return NULL.  Handle it in the
various callers.

Signed-off-by: Kees Cook <keescook@chromium.org>
Cc: Al Viro <viro@zeniv.linux.org.uk>
Cc: Eric Paris <eparis@redhat.com>
Cc: Jeff Layton <jlayton@redhat.com>
Cc: "Eric W. Biederman" <ebiederm@xmission.com>
Cc: Julien Tinnes <jln@google.com>
Cc: Will Drewry <wad@google.com>
Cc: Steve Grubb <sgrubb@redhat.com>
Cc: Andrea Arcangeli <aarcange@redhat.com>
Signed-off-by: Andrew Morton <akpm@linux-foundation.org>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

1 files changed, 4 insertions, 0 deletions

diff --git a/kernel/audit.c b/kernel/audit.c
index 40414e9143db..a219998aecc1 100644
--- a/kernel/audit.c
+++ b/kernel/audit.c
@@ -272,6 +272,8 @@ static int audit_log_config_change(char *function_name, int new, int old,
         int rc = 0;
 
         ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
+        if (unlikely(!ab))
+                return rc;
         audit_log_format(ab, "%s=%d old=%d auid=%u ses=%u", function_name, new,
                          old, from_kuid(&init_user_ns, loginuid), sessionid);
         if (sid) {
@@ -619,6 +621,8 @@ static int audit_log_common_recv_msg(struct audit_buffer **ab, u16 msg_type,
         }
 
         *ab = audit_log_start(NULL, GFP_KERNEL, msg_type);
+        if (unlikely(!*ab))
+                return rc;
         audit_log_format(*ab, "pid=%d uid=%u auid=%u ses=%u",
                          task_tgid_vnr(current),
                          from_kuid(&init_user_ns, current_uid()),