author | Roberto Sassu <roberto.sassu@polito.it> | 2011-12-19 09:57:28 -0500 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@suse.de> | 2012-01-25 20:24:41 -0500 |
commit | ffdfcb4347b7f5082e6e191175d46d74c235c2c7 (patch) | |
tree | 8b23426844bf24fd8c355c43563edec9d2daa8a1 /security/integrity | |
parent | 808f398267e920a772c1ae07781adfb0d4d1c48a (diff) |
ima: fix invalid memory reference
commit 7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da upstream.
Don't free a valid measurement entry on TPM PCR extend failure.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>
Diffstat (limited to 'security/integrity')
-rw-r--r-- | security/integrity/ima/ima_queue.c | 16 |
1 files changed, 11 insertions, 5 deletions
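--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -23,6 +23,8 @@
 #include <linux/slab.h>
 #include "ima.h"
 
+#define AUDIT_CAUSE_LEN_MAX 32
+
 LIST_HEAD(ima_measurements); /* list of all measurements */
 
 /* key: inode (before secure-hashing a file) */
@@ -94,7 +96,8 @@ static int ima_pcr_extend(const u8 *hash)
 
 result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash);
 if (result != 0)
-pr_err("IMA: Error Communicating to TPM chip\n");
+pr_err("IMA: Error Communicating to TPM chip, result: %d\n",
+result);
 return result;
 }
 
@@ -106,8 +109,9 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
 {
 u8 digest[IMA_DIGEST_SIZE];
 const char *audit_cause = "hash_added";
+char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX];
 int audit_info = 1;
-int result = 0;
+int result = 0, tpmresult = 0;
 
 mutex_lock(&ima_extend_list_mutex);
 if (!violation) {
@@ -129,9 +133,11 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
 if (violation) /* invalidate pcr */
 memset(digest, 0xff, sizeof digest);
 
-result = ima_pcr_extend(digest);
-if (result != 0) {
-audit_cause = "TPM error";
+tpmresult = ima_pcr_extend(digest);
+if (tpmresult != 0) {
+snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
+tpmresult);
+audit_cause = tpm_audit_cause;
 audit_info = 0;
 }
 out: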
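Review bot: In the last hunk of ima_add_template_entry, nothing in the code records why `tpmresult` is kept apart from `result` and never returned, although that separation is the whole fix and a later cleanup could easily merge the two again. I would add a comment above the extend call, for example `/* a TPM failure must not reach the caller: the entry is still valid and the caller would free it */`. The comment should also say that after such a failure the measurement list presumably holds an entry the PCR does not reflect, so the audit record and the pr_err in ima_pcr_extend are the only traces an operator has when attestation later disagrees with the list. The function begins and ends outside the visible hunks, so what is finally returned is inferred from the commit message rather than seen here.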