diff options
author | Eric Paris <eparis@redhat.com> | 2009-06-11 14:31:33 -0400 |
---|---|---|
committer | Al Viro <viro@zeniv.linux.org.uk> | 2009-06-23 23:50:33 -0400 |
commit | 35aa901c0b66cb3c2eeee23f13624014825a44a8 (patch) | |
tree | 5ec19e8b65c1f3e6417c197288c42c60c852ef48 /kernel | |
parent | 4e8a2372f9255a1464ef488ed925455f53fbdaa1 (diff) |
Audit: fix audit watch use after free
When an audit watch is added to a parent the temporary watch inside the
original krule from userspace is freed. Yet the original watch is used after
the real watch was created in audit_add_rules()
Signed-off-by: Eric Paris <eparis@redhat.com>
Diffstat (limited to 'kernel')
-rw-r--r-- | kernel/auditfilter.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 713098ee5a02..19c0a0a2cede 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c | |||
@@ -1320,6 +1320,8 @@ static inline int audit_add_rule(struct audit_entry *entry) | |||
1320 | mutex_unlock(&audit_filter_mutex); | 1320 | mutex_unlock(&audit_filter_mutex); |
1321 | goto error; | 1321 | goto error; |
1322 | } | 1322 | } |
1323 | /* entry->rule.watch may have changed during audit_add_watch() */ | ||
1324 | watch = entry->rule.watch; | ||
1323 | h = audit_hash_ino((u32)watch->ino); | 1325 | h = audit_hash_ino((u32)watch->ino); |
1324 | list = &audit_inode_hash[h]; | 1326 | list = &audit_inode_hash[h]; |
1325 | } | 1327 | } |