Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 470abdcf authored by Linus Torvalds's avatar Linus Torvalds
Browse files

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 

Pull IMA fixes from James Morris:
 "Here are two more fixes for IMA"

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security:
  ima: properly free ima_template_entry structures
  ima: Do not free 'entry' before it is initialized
parents 24cb4120 bfb26328

security/integrity/ima/ima.h

+1 −0
Original line number Diff line number Diff line
@@ -148,6 +148,7 @@ int ima_alloc_init_template(struct integrity_iint_cache *iint, 
			    int xattr_len, struct ima_template_entry **entry);

int ima_store_template(struct ima_template_entry *entry, int violation,

		       struct inode *inode, const unsigned char *filename);

void ima_free_template_entry(struct ima_template_entry *entry);

const char *ima_d_path(struct path *path, char **pathbuf);



/* rbtree tree calls to lookup, insert, delete

security/integrity/ima/ima_api.c

+17 −4
Original line number Diff line number Diff line
@@ -21,6 +21,19 @@ 
#include <crypto/hash_info.h>

#include "ima.h"



/*

 * ima_free_template_entry - free an existing template entry

 */

void ima_free_template_entry(struct ima_template_entry *entry)

{

	int i;



	for (i = 0; i < entry->template_desc->num_fields; i++)

		kfree(entry->template_data[i].data);



	kfree(entry);

}



/*

 * ima_alloc_init_template - create and initialize a new template entry

 */
@@ -37,6 +50,7 @@ int ima_alloc_init_template(struct integrity_iint_cache *iint, 
	if (!*entry)

		return -ENOMEM;



	(*entry)->template_desc = template_desc;

	for (i = 0; i < template_desc->num_fields; i++) {

		struct ima_template_field *field = template_desc->fields[i];

		u32 len;
@@ -51,10 +65,9 @@ int ima_alloc_init_template(struct integrity_iint_cache *iint, 
		(*entry)->template_data_len += sizeof(len);

		(*entry)->template_data_len += len;

	}

	(*entry)->template_desc = template_desc;

	return 0;

out:

	kfree(*entry);

	ima_free_template_entry(*entry);

	*entry = NULL;

	return result;

}
@@ -134,7 +147,7 @@ void ima_add_violation(struct file *file, const unsigned char *filename, 
	}

	result = ima_store_template(entry, violation, inode, filename);

	if (result < 0)

		kfree(entry);

		ima_free_template_entry(entry);

err_out:

	integrity_audit_msg(AUDIT_INTEGRITY_PCR, inode, filename,

			    op, cause, result, 0);
@@ -269,7 +282,7 @@ void ima_store_measurement(struct integrity_iint_cache *iint, 
	if (!result || result == -EEXIST)

		iint->flags |= IMA_MEASURED;

	if (result < 0)

		kfree(entry);

		ima_free_template_entry(entry);

}



void ima_audit_measurement(struct integrity_iint_cache *iint,

security/integrity/ima/ima_init.c

+1 −2
Original line number Diff line number Diff line
@@ -63,7 +63,6 @@ static void __init ima_add_boot_aggregate(void) 
		result = ima_calc_boot_aggregate(&hash.hdr);

		if (result < 0) {

			audit_cause = "hashing_error";

			kfree(entry);

			goto err_out;

		}

	}
@@ -76,7 +75,7 @@ static void __init ima_add_boot_aggregate(void) 
	result = ima_store_template(entry, violation, NULL,

				    boot_aggregate_name);

	if (result < 0)

		kfree(entry);

		ima_free_template_entry(entry);

	return;

err_out:

	integrity_audit_msg(AUDIT_INTEGRITY_PCR, NULL, boot_aggregate_name, op,