author | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2009-09-04 13:08:46 -0400 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-09-06 21:54:58 -0400 |
commit | acd0c935178649f72c44ec49ca83bee35ce1f79e (patch) | |
tree | c0cb2f8fbbaa54567785b5430e5be8c8b51f5724 /security | |
parent | e07cccf4046978df10f2e13fe2b99b2f9b3a65db (diff) |
IMA: update ima_counts_put
- As ima_counts_put() may be called after the inode has been freed,
verify that the inode is not NULL, before dereferencing it.
- Maintain the IMA file counters in may_open() properly, decrementing
any counter increments on subsequent errors.
Reported-by: Ciprian Docan <docan@eden.rutgers.edu>
Reported-by: J.R. Okajima <hooanon05@yahoo.co.jp>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Acked-by: Eric Paris <eparis@redhat.com
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/ima/ima_main.c | 6 |
1 files changed, 5 insertions, 1 deletions
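--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -249,7 +249,11 @@ void ima_counts_put(struct path *path, int mask)
 struct inode *inode = path->dentry->d_inode;
 struct ima_iint_cache *iint;
 
-if (!ima_initialized || !S_ISREG(inode->i_mode))
+/* The inode may already have been freed, freeing the iint
+* with it. Verify the inode is not NULL before dereferencing
+* it.
+*/
+if (!ima_initialized || !inode || !S_ISREG(inode->i_mode))
 return;
 iint = ima_iint_find_insert_get(inode);
 if (!iint)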
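Review bot: The new comment above the `if` in ima_counts_put() says the inode "may already have been freed", but the added `!inode` test only catches a dentry whose `d_inode` is NULL; it cannot recognise a non-NULL pointer to an inode that has been released. I would reword the comment to state the guarantee the check actually gives, for example `/* d_inode is NULL once the dentry no longer has an inode; there is nothing to put in that case. */`. The comment should also name what keeps a non-NULL inode alive across the `S_ISREG(inode->i_mode)` read and the `ima_iint_find_insert_get(inode)` call, presumably the reference held through `path`, which this hunk does not show. The function body continues past the end of the hunk, so the handling after `if (!iint)` is not reviewed here.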