Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 45fae749 authored Dec 19, 2011 by Roberto Sassu Committed by Mimi Zohar Dec 19, 2011

ima: free duplicate measurement memory



Info about new measurements are cached in the iint for performance.  When
the inode is flushed from cache, the associated iint is flushed as well.
Subsequent access to the inode will cause the inode to be re-measured and
will attempt to add a duplicate entry to the measurement list.

This patch frees the duplicate measurement memory, fixing a memory leak.

Signed-off-by: Roberto Sassu <roberto.sassu@polito.it>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>
Cc: stable@vger.kernel.org

parent 114d6e9c

security/integrity/ima/ima_api.c

+2 −2

Original line number	Diff line number	Diff line
		@@ -178,8 +178,8 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
		strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX);

		result = ima_store_template(entry, violation, inode);
		if (!result)
		if (!result \|\| result == -EEXIST)
		iint->flags \|= IMA_MEASURED;
		else
		if (result < 0)
		kfree(entry);
		}

security/integrity/ima/ima_queue.c

+1 −0

Original line number	Diff line number	Diff line
		@@ -114,6 +114,7 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
		memcpy(digest, entry->digest, sizeof digest);
		if (ima_lookup_digest_entry(digest)) {
		audit_cause = "hash_exists";
		result = -EEXIST;
		goto out;
		}
		}