author | Roberto Sassu <roberto.sassu@polito.it> | 2011-12-19 09:57:28 -0500 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-12-19 22:07:54 -0500 |
commit | 7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da (patch) | |
tree | af324024e68047b9fff7ddf49c3e8f8e6024792e | |
parent | 45fae7493970d7c45626ccd96d4a74f5f1eea5a9 (diff) |
ima: fix invalid memory reference
Don't free a valid measurement entry on TPM PCR extend failure.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Cc: stable@vger.kernel.org
-rw-r--r-- | security/integrity/ima/ima_queue.c | 16 |
1 files changed, 11 insertions, 5 deletions
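diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index e1a5062b1f6a..55a6271bce7a 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -23,6 +23,8 @@
 #include <linux/slab.h>
 #include "ima.h"
 
+#define AUDIT_CAUSE_LEN_MAX 32
+
 LIST_HEAD(ima_measurements); /* list of all measurements */
 
 /* key: inode (before secure-hashing a file) */
@@ -94,7 +96,8 @@ static int ima_pcr_extend(const u8 *hash)
 
 result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash);
 if (result != 0)
-pr_err("IMA: Error Communicating to TPM chip\n");
+pr_err("IMA: Error Communicating to TPM chip, result: %d\n",
+result);
 return result;
 }
 
@@ -106,8 +109,9 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
 {
 u8 digest[IMA_DIGEST_SIZE];
 const char *audit_cause = "hash_added";
+char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX];
 int audit_info = 1;
-int result = 0;
+int result = 0, tpmresult = 0;
 
 mutex_lock(&ima_extend_list_mutex);
 if (!violation) {
@@ -129,9 +133,11 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
 if (violation) /* invalidate pcr */
 memset(digest, 0xff, sizeof digest);
 
-result = ima_pcr_extend(digest);
-if (result != 0) {
-audit_cause = "TPM error";
+tpmresult = ima_pcr_extend(digest);
+if (tpmresult != 0) {
+snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
+tpmresult);
+audit_cause = tpm_audit_cause;
 audit_info = 0;
 }
 out: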
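Review bot: In the last hunk of ima_add_template_entry, the PCR extend status now lands in `tpmresult`, and nothing in the visible lines explains why it is kept apart from `result`. Going by the commit message, the reason is that the entry is already on the measurement list at that point and a non-zero return would lead the caller to free it; the `out:` path and the return statement lie outside the hunk, so that is inferred. I would add a comment above the call, e.g. `/* entry is already queued: report a TPM failure via audit only, never via the return value */`, so a later cleanup does not fold the two variables back together. It would also help to state there that after a failed extend the list holds an entry the PCR does not reflect, which a verifier replaying the list against a quote will see as a mismatch. Minor: `sizeof(tpm_audit_cause)` as the snprintf bound would tie the size to the buffer rather than to the macro.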