| author | Roberto Sassu <roberto.sassu@polito.it> | 2011-12-19 09:57:28 -0500 |
|---|---|---|
| committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2011-12-19 22:07:54 -0500 |
| commit | 7b7e5916aa2f46e57f8bd8cb89c34620ebfda5da (patch) | |
| tree | af324024e68047b9fff7ddf49c3e8f8e6024792e /security | |
| parent | 45fae7493970d7c45626ccd96d4a74f5f1eea5a9 (diff) | |
ima: fix invalid memory reference
Don't free a valid measurement entry on TPM PCR extend failure.
Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Cc: stable@vger.kernel.org
Diffstat (limited to 'security')
| -rw-r--r-- | security/integrity/ima/ima_queue.c | 16 |
1 files changed, 11 insertions, 5 deletions
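diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index e1a5062b1f6a..55a6271bce7a 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -23,6 +23,8 @@
 #include <linux/slab.h>
 #include "ima.h"
 
+#define AUDIT_CAUSE_LEN_MAX 32
+
 LIST_HEAD(ima_measurements); /* list of all measurements */
 
 /* key: inode (before secure-hashing a file) */
@@ -94,7 +96,8 @@ static int ima_pcr_extend(const u8 *hash)
 
 result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash);
 if (result != 0)
-pr_err("IMA: Error Communicating to TPM chip\n");
+pr_err("IMA: Error Communicating to TPM chip, result: %d\n",
+result);
 return result;
 }
 
@@ -106,8 +109,9 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
 {
 u8 digest[IMA_DIGEST_SIZE];
 const char *audit_cause = "hash_added";
+char tpm_audit_cause[AUDIT_CAUSE_LEN_MAX];
 int audit_info = 1;
-int result = 0;
+int result = 0, tpmresult = 0;
 
 mutex_lock(&ima_extend_list_mutex);
 if (!violation) {
@@ -129,9 +133,11 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
 if (violation) /* invalidate pcr */
 memset(digest, 0xff, sizeof digest);
 
-result = ima_pcr_extend(digest);
-if (result != 0) {
-audit_cause = "TPM error";
+tpmresult = ima_pcr_extend(digest);
+if (tpmresult != 0) {
+snprintf(tpm_audit_cause, AUDIT_CAUSE_LEN_MAX, "TPM_error(%d)",
+tpmresult);
+audit_cause = tpm_audit_cause;
 audit_info = 0;
 }
 out: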
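Review bot: Nothing in the last hunk records why the `ima_pcr_extend()` status now lands in `tpmresult` instead of `result`, and that separation is the whole fix: going by the commit message, the entry is already a valid list member at this point and a non-zero return would lead to it being freed. A comment above the call would keep a later cleanup from merging the two variables again, e.g. `/* entry is already on the measurement list: report a TPM failure via audit only, never through result */`. It is also worth stating there that a failed extend leaves the measurement list and the PCR out of step, with the audit record and the `pr_err()` as the only evidence, so those are the signals to monitor. The list insertion and the return statement lie outside the visible hunks, so this reading is inferred from the commit message rather than confirmed. Minor style point: `snprintf(tpm_audit_cause, sizeof(tpm_audit_cause), ...)` would tie the bound to the buffer itself rather than to the macro.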
