Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit f06dd16a authored by Eric Paris's avatar Eric Paris Committed by James Morris
Browse files

IMA: Handle dentry_open failures 



Currently IMA does not handle failures from dentry_open().  This means that we
leave a pointer set to ERR_PTR(errno) and then try to use it just a few lines
later in fput().  Oops.

Signed-off-by: default avatarEric Paris <eparis@redhat.com>
Acked-by: default avatarMimi Zohar <zohar@us.ibm.com>
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
parent 37bcbf13

security/integrity/ima/ima_main.c

+6 −4
Original line number Diff line number Diff line
@@ -116,10 +116,6 @@ static int get_path_measurement(struct ima_iint_cache *iint, struct file *file, 
{

	int rc = 0;



	if (IS_ERR(file)) {

		pr_info("%s dentry_open failed\n", filename);

		return rc;

	}

	iint->opencount++;

	iint->readcount++;
@@ -185,6 +181,12 @@ int ima_path_check(struct path *path, int mask) 
		struct vfsmount *mnt = mntget(path->mnt);



		file = dentry_open(dentry, mnt, O_RDONLY, current_cred());

		if (IS_ERR(file)) {

			pr_info("%s dentry_open failed\n", dentry->d_name.name);

			rc = PTR_ERR(file);

			file = NULL;

			goto out;

		}

		rc = get_path_measurement(iint, file, dentry->d_name.name);

	}

out: