diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/integrity/ima/ima_crypto.c | 6 | ||||
| -rw-r--r-- | security/integrity/ima/ima_main.c | 10 |
2 files changed, 13 insertions, 3 deletions
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index 63003a63aaee..46642a19bc78 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c | |||
| @@ -45,9 +45,9 @@ int ima_calc_hash(struct file *file, char *digest) | |||
| 45 | { | 45 | { |
| 46 | struct hash_desc desc; | 46 | struct hash_desc desc; |
| 47 | struct scatterlist sg[1]; | 47 | struct scatterlist sg[1]; |
| 48 | loff_t i_size; | 48 | loff_t i_size, offset = 0; |
| 49 | char *rbuf; | 49 | char *rbuf; |
| 50 | int rc, offset = 0; | 50 | int rc; |
| 51 | 51 | ||
| 52 | rc = init_desc(&desc); | 52 | rc = init_desc(&desc); |
| 53 | if (rc != 0) | 53 | if (rc != 0) |
| @@ -67,6 +67,8 @@ int ima_calc_hash(struct file *file, char *digest) | |||
| 67 | rc = rbuf_len; | 67 | rc = rbuf_len; |
| 68 | break; | 68 | break; |
| 69 | } | 69 | } |
| 70 | if (rbuf_len == 0) | ||
| 71 | break; | ||
| 70 | offset += rbuf_len; | 72 | offset += rbuf_len; |
| 71 | sg_init_one(sg, rbuf, rbuf_len); | 73 | sg_init_one(sg, rbuf, rbuf_len); |
| 72 | 74 | ||
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 101c512564ec..b85e61bcf246 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c | |||
| @@ -249,7 +249,11 @@ void ima_counts_put(struct path *path, int mask) | |||
| 249 | struct inode *inode = path->dentry->d_inode; | 249 | struct inode *inode = path->dentry->d_inode; |
| 250 | struct ima_iint_cache *iint; | 250 | struct ima_iint_cache *iint; |
| 251 | 251 | ||
| 252 | if (!ima_initialized || !S_ISREG(inode->i_mode)) | 252 | /* The inode may already have been freed, freeing the iint |
| 253 | * with it. Verify the inode is not NULL before dereferencing | ||
| 254 | * it. | ||
| 255 | */ | ||
| 256 | if (!ima_initialized || !inode || !S_ISREG(inode->i_mode)) | ||
| 253 | return; | 257 | return; |
| 254 | iint = ima_iint_find_insert_get(inode); | 258 | iint = ima_iint_find_insert_get(inode); |
| 255 | if (!iint) | 259 | if (!iint) |
| @@ -262,6 +266,8 @@ void ima_counts_put(struct path *path, int mask) | |||
| 262 | else if (mask & (MAY_READ | MAY_EXEC)) | 266 | else if (mask & (MAY_READ | MAY_EXEC)) |
| 263 | iint->readcount--; | 267 | iint->readcount--; |
| 264 | mutex_unlock(&iint->mutex); | 268 | mutex_unlock(&iint->mutex); |
| 269 | |||
| 270 | kref_put(&iint->refcount, iint_free); | ||
| 265 | } | 271 | } |
| 266 | 272 | ||
| 267 | /* | 273 | /* |
| @@ -291,6 +297,8 @@ void ima_counts_get(struct file *file) | |||
| 291 | if (file->f_mode & FMODE_WRITE) | 297 | if (file->f_mode & FMODE_WRITE) |
| 292 | iint->writecount++; | 298 | iint->writecount++; |
| 293 | mutex_unlock(&iint->mutex); | 299 | mutex_unlock(&iint->mutex); |
| 300 | |||
| 301 | kref_put(&iint->refcount, iint_free); | ||
| 294 | } | 302 | } |
| 295 | EXPORT_SYMBOL_GPL(ima_counts_get); | 303 | EXPORT_SYMBOL_GPL(ima_counts_get); |
| 296 | 304 | ||