aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2013-12-06 11:28:35 -0500
committerLinus Torvalds <torvalds@linux-foundation.org>2013-12-06 11:28:35 -0500
commit470abdcfda7d59e1ca1edc407a6bfd24193d3e40 (patch)
tree9b6a6f7dfbdcd3b291833a301fb36c8e7fa6b875
parent24cb412041456924a405221635cb5fb64c643903 (diff)
parentbfb26328b9e4141dafc714c512c079c11d7c1552 (diff)
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security
Pull IMA fixes from James Morris: "Here are two more fixes for IMA" * 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security: ima: properly free ima_template_entry structures ima: Do not free 'entry' before it is initialized
Diffstat
-rw-r--r--security/integrity/ima/ima.h1
-rw-r--r--security/integrity/ima/ima_api.c21
-rw-r--r--security/integrity/ima/ima_init.c3
3 files changed, 19 insertions, 6 deletions
diff --git a/security/integrity/ima/ima.h b/security/integrity/ima/ima.h
index 9636e17c9f5d..0356e1d437ca 100644
--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -148,6 +148,7 @@ int ima_alloc_init_template(struct integrity_iint_cache *iint,
148 int xattr_len, struct ima_template_entry **entry); 148 int xattr_len, struct ima_template_entry **entry);
149int ima_store_template(struct ima_template_entry *entry, int violation, 149int ima_store_template(struct ima_template_entry *entry, int violation,
150 struct inode *inode, const unsigned char *filename); 150 struct inode *inode, const unsigned char *filename);
151void ima_free_template_entry(struct ima_template_entry *entry);
151const char *ima_d_path(struct path *path, char **pathbuf); 152const char *ima_d_path(struct path *path, char **pathbuf);
152 153
153/* rbtree tree calls to lookup, insert, delete 154/* rbtree tree calls to lookup, insert, delete
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 80374842fe0b..c38bbce8c6a6 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -22,6 +22,19 @@
22#include "ima.h" 22#include "ima.h"
23 23
24/* 24/*
25 * ima_free_template_entry - free an existing template entry
26 */
27void ima_free_template_entry(struct ima_template_entry *entry)
28{
29 int i;
30
31 for (i = 0; i < entry->template_desc->num_fields; i++)
32 kfree(entry->template_data[i].data);
33
34 kfree(entry);
35}
36
37/*
25 * ima_alloc_init_template - create and initialize a new template entry 38 * ima_alloc_init_template - create and initialize a new template entry
26 */ 39 */
27int ima_alloc_init_template(struct integrity_iint_cache *iint, 40int ima_alloc_init_template(struct integrity_iint_cache *iint,
@@ -37,6 +50,7 @@ int ima_alloc_init_template(struct integrity_iint_cache *iint,
37 if (!*entry) 50 if (!*entry)
38 return -ENOMEM; 51 return -ENOMEM;
39 52
53 (*entry)->template_desc = template_desc;
40 for (i = 0; i < template_desc->num_fields; i++) { 54 for (i = 0; i < template_desc->num_fields; i++) {
41 struct ima_template_field *field = template_desc->fields[i]; 55 struct ima_template_field *field = template_desc->fields[i];
42 u32 len; 56 u32 len;
@@ -51,10 +65,9 @@ int ima_alloc_init_template(struct integrity_iint_cache *iint,
51 (*entry)->template_data_len += sizeof(len); 65 (*entry)->template_data_len += sizeof(len);
52 (*entry)->template_data_len += len; 66 (*entry)->template_data_len += len;
53 } 67 }
54 (*entry)->template_desc = template_desc;
55 return 0; 68 return 0;
56out: 69out:
57 kfree(*entry); 70 ima_free_template_entry(*entry);
58 *entry = NULL; 71 *entry = NULL;
59 return result; 72 return result;
60} 73}
@@ -134,7 +147,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
134 } 147 }
135 result = ima_store_template(entry, violation, inode, filename); 148 result = ima_store_template(entry, violation, inode, filename);
136 if (result < 0) 149 if (result < 0)
137 kfree(entry); 150 ima_free_template_entry(entry);
138err_out: 151err_out:
139 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename, 152 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
140 op, cause, result, 0); 153 op, cause, result, 0);
@@ -269,7 +282,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
269 if (!result || result == -EEXIST) 282 if (!result || result == -EEXIST)
270 iint->flags |= IMA_MEASURED; 283 iint->flags |= IMA_MEASURED;
271 if (result < 0) 284 if (result < 0)
272 kfree(entry); 285 ima_free_template_entry(entry);
273} 286}
274 287
275void ima_audit_measurement(struct integrity_iint_cache *iint, 288void ima_audit_measurement(struct integrity_iint_cache *iint,
diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index 15f34bd40abe..37122768554a 100644
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -63,7 +63,6 @@ static void __init ima_add_boot_aggregate(void)
63 result = ima_calc_boot_aggregate(&hash.hdr); 63 result = ima_calc_boot_aggregate(&hash.hdr);
64 if (result < 0) { 64 if (result < 0) {
65 audit_cause = "hashing_error"; 65 audit_cause = "hashing_error";
66 kfree(entry);
67 goto err_out; 66 goto err_out;
68 } 67 }
69 } 68 }
@@ -76,7 +75,7 @@ static void __init ima_add_boot_aggregate(void)
76 result = ima_store_template(entry, violation, NULL, 75 result = ima_store_template(entry, violation, NULL,
77 boot_aggregate_name); 76 boot_aggregate_name);
78 if (result < 0) 77 if (result < 0)
79 kfree(entry); 78 ima_free_template_entry(entry);
80 return; 79 return;
81err_out: 80err_out:
82 integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op, 81 integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op,
generated by cgit v1.2.2 (git 2.25.0) at 2025-12-26 12:11:21 -0500