Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Pull IMA fixes from James Morris:
"Here are two more fixes for IMA"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
ima: properly free ima_template_entry structures
ima: Do not free 'entry' before it is initialized

+19 -6
+1
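--- a/security/integrity/ima/ima.h
+++ b/security/integrity/ima/ima.h
@@ -148,6 +148,7 @@
 int xattr_len, struct ima_template_entry **entry);
 int ima_store_template(struct ima_template_entry *entry, int violation,
 struct inode *inode, const unsigned char *filename);
+void ima_free_template_entry(struct ima_template_entry *entry);
 const char *ima_d_path(struct path *path, char **pathbuf);
 
 /* rbtree tree calls to lookup, insert, delete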
+17 -4
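--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -22,6 +22,19 @@
 #include "ima.h"
 
 /*
+ * ima_free_template_entry - free an existing template entry
+ */
+void ima_free_template_entry(struct ima_template_entry *entry)
+{
+int i;
+
+for (i = 0; i < entry->template_desc->num_fields; i++)
+kfree(entry->template_data[i].data);
+
+kfree(entry);
+}
+
+/*
  * ima_alloc_init_template - create and initialize a new template entry
  */
 int ima_alloc_init_template(struct integrity_iint_cache *iint,
@@ -37,6 +50,7 @@
 if (!*entry)
 return -ENOMEM;
 
+(*entry)->template_desc = template_desc;
 for (i = 0; i < template_desc->num_fields; i++) {
 struct ima_template_field *field = template_desc->fields[i];
 u32 len;
@@ -51,10 +65,9 @@
 (*entry)->template_data_len += sizeof(len);
 (*entry)->template_data_len += len;
 }
-(*entry)->template_desc = template_desc;
 return 0;
 out:
-kfree(*entry);
+ima_free_template_entry(*entry);
 *entry = NULL;
 return result;
 }
@@ -134,7 +147,7 @@
 }
 result = ima_store_template(entry, violation, inode, filename);
 if (result < 0)
-kfree(entry);
+ima_free_template_entry(entry);
 err_out:
 integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
 op, cause, result, 0);
@@ -269,7 +282,7 @@
 if (!result || result == -EEXIST)
 iint->flags |= IMA_MEASURED;
 if (result < 0)
-kfree(entry);
+ima_free_template_entry(entry);
 }
 
 void ima_audit_measurement(struct integrity_iint_cache *iint,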
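Review bot: ima_free_template_entry() dereferences `entry` and `entry->template_desc` unconditionally, whereas the kfree() calls it replaces accepted NULL, so a caller that reaches it with a NULL entry, or one whose template_desc was never set, would now fault instead of doing nothing. A guard such as `if (!entry) return;` at the top, or a header comment stating that entry must be non-NULL with template_desc assigned, would make the contract explicit for future callers. The `out:` path in ima_alloc_init_template() also appears to rely on template_data[] being zero-filled at allocation, so that fields not yet populated are a kfree(NULL) no-op. The allocation call is outside the visible hunks, so that assumption is worth confirming and noting next to the helper.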
+1 -2
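--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -63,7 +63,6 @@
 result = ima_calc_boot_aggregate(&hash.hdr);
 if (result < 0) {
 audit_cause = "hashing_error";
-kfree(entry);
 goto err_out;
 }
 }
@@ -76,7 +75,7 @@
 result = ima_store_template(entry, violation, NULL,
 boot_aggregate_name);
 if (result < 0)
-ima_free_template_entry(entry);
+ima_free_template_entry(entry);
 return;
 err_out:
 integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op,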
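Review bot: In the second hunk, a failed ima_store_template() frees the entry and then hits `return;` before the `err_out:` label, so this function emits no integrity_audit_msg() for a boot-aggregate measurement that could not be stored. Whether ima_store_template() audits its own failures is not visible on this page. If it does, a one-line comment above the `if (result < 0)` saying so would document that; if it does not, the branch could set `audit_cause` and fall through to `err_out` after freeing. In the first hunk, the bare `goto err_out` would benefit from a comment such as `/* entry is not allocated yet, nothing to free */`, since the enclosing function starts outside the hunk and the ordering is not obvious from these lines.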