apfs/linux-apfs
0
0
Fork 0
mirror of https://github.com/linux-apfs/linux-apfs.git synced 2026-05-01 15:00:59 -07:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security

Browse Source 
Pull IMA fixes from James Morris:
 "Here are two more fixes for IMA"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  ima: properly free ima_template_entry structures
  ima: Do not free 'entry' before it is initialized
This commit is contained in:
Linus Torvalds
2013-12-06 08:28:35 -08:00
parent 24cb412041 bfb26328b9
commit 470abdcfda
3 changed files with 19 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
security/integrity/ima/ima.h
+1
View File
@@ -148,6 +148,7 @@ int ima_alloc_init_template(struct integrity_iint_cache *iint,
int xattr_len, struct ima_template_entry **entry); int xattr_len, struct ima_template_entry **entry);
int ima_store_template(struct ima_template_entry *entry, int violation, int ima_store_template(struct ima_template_entry *entry, int violation,
struct inode *inode, const unsigned char *filename); struct inode *inode, const unsigned char *filename);
void ima_free_template_entry(struct ima_template_entry *entry);
const char *ima_d_path(struct path *path, char **pathbuf); const char *ima_d_path(struct path *path, char **pathbuf);
/* rbtree tree calls to lookup, insert, delete /* rbtree tree calls to lookup, insert, delete
security/integrity/ima/ima_api.c
+17 -4
View File
@@ -21,6 +21,19 @@
#include <crypto/hash_info.h> #include <crypto/hash_info.h>
#include "ima.h" #include "ima.h"
/*
* ima_free_template_entry - free an existing template entry
*/
void ima_free_template_entry(struct ima_template_entry *entry)
{
int i;
for (i = 0; i < entry->template_desc->num_fields; i++)
kfree(entry->template_data[i].data);
kfree(entry);
}
/* /*
* ima_alloc_init_template - create and initialize a new template entry * ima_alloc_init_template - create and initialize a new template entry
*/ */
@@ -37,6 +50,7 @@ int ima_alloc_init_template(struct integrity_iint_cache *iint,
if (!*entry) if (!*entry)
return -ENOMEM; return -ENOMEM;
(*entry)->template_desc = template_desc;
for (i = 0; i < template_desc->num_fields; i++) { for (i = 0; i < template_desc->num_fields; i++) {
struct ima_template_field *field = template_desc->fields[i]; struct ima_template_field *field = template_desc->fields[i];
u32 len; u32 len;
@@ -51,10 +65,9 @@ int ima_alloc_init_template(struct integrity_iint_cache *iint,
(*entry)->template_data_len += sizeof(len); (*entry)->template_data_len += sizeof(len);
(*entry)->template_data_len += len; (*entry)->template_data_len += len;
} }
(*entry)->template_desc = template_desc;
return 0; return 0;
out: out:
kfree(*entry); ima_free_template_entry(*entry);
*entry = NULL; *entry = NULL;
return result; return result;
} }
@@ -134,7 +147,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename,
} }
result = ima_store_template(entry, violation, inode, filename); result = ima_store_template(entry, violation, inode, filename);
if (result < 0) if (result < 0)
kfree(entry); ima_free_template_entry(entry);
err_out: err_out:
integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename, integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,
op, cause, result, 0); op, cause, result, 0);
@@ -269,7 +282,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
if (!result || result == -EEXIST) if (!result || result == -EEXIST)
iint->flags |= IMA_MEASURED; iint->flags |= IMA_MEASURED;
if (result < 0) if (result < 0)
kfree(entry); ima_free_template_entry(entry);
} }
void ima_audit_measurement(struct integrity_iint_cache *iint, void ima_audit_measurement(struct integrity_iint_cache *iint,
security/integrity/ima/ima_init.c
+1 -2
View File
@@ -63,7 +63,6 @@ static void __init ima_add_boot_aggregate(void)
result = ima_calc_boot_aggregate(&hash.hdr); result = ima_calc_boot_aggregate(&hash.hdr);
if (result < 0) { if (result < 0) {
audit_cause = "hashing_error"; audit_cause = "hashing_error";
kfree(entry);
goto err_out; goto err_out;
} }
} }
@@ -76,7 +75,7 @@ static void __init ima_add_boot_aggregate(void)
result = ima_store_template(entry, violation, NULL, result = ima_store_template(entry, violation, NULL,
boot_aggregate_name); boot_aggregate_name);
if (result < 0) if (result < 0)
kfree(entry); ima_free_template_entry(entry);
return; return;
err_out: err_out:
integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op, integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op,