aboutsummaryrefslogtreecommitdiffstats
path: root/kernel
diff options
context:
space:
mode:
authorEric Paris <eparis@redhat.com>2009-06-11 14:31:33 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2009-06-23 23:50:33 -0400
commit35aa901c0b66cb3c2eeee23f13624014825a44a8 (patch)
tree5ec19e8b65c1f3e6417c197288c42c60c852ef48 /kernel
parent4e8a2372f9255a1464ef488ed925455f53fbdaa1 (diff)
Audit: fix audit watch use after free
When an audit watch is added to a parent the temporary watch inside the original krule from userspace is freed. Yet the original watch is used after the real watch was created in audit_add_rules() Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel')
-rw-r--r--kernel/auditfilter.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 713098ee5a02..19c0a0a2cede 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1320,6 +1320,8 @@ static inline int audit_add_rule(struct audit_entry *entry)
1320 mutex_unlock(&audit_filter_mutex); 1320 mutex_unlock(&audit_filter_mutex);
1321 goto error; 1321 goto error;
1322 } 1322 }
1323 /* entry->rule.watch may have changed during audit_add_watch() */
1324 watch = entry->rule.watch;
1323 h = audit_hash_ino((u32)watch->ino); 1325 h = audit_hash_ino((u32)watch->ino);
1324 list = &audit_inode_hash[h]; 1326 list = &audit_inode_hash[h];
1325 } 1327 }