Commit 72acd64d authored May 27, 2018 by Colin Ian King Committed by Mimi Zohar May 31, 2018

EVM: Fix null dereference on xattr when xattr fails to allocate

In the case where the allocation of xattr fails and xattr is NULL, the
error exit return path via label 'out' will dereference xattr when
kfree'ing xattr-name. Fix this by only kfree'ing xattr->name and xattr
when xattr is non-null.

Detected by CoverityScan, CID#1469366 ("Dereference after null check")

Fixes: fa516b66 ("EVM: Allow runtime modification of the set of verified xattrs")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>

parent 825b8650

security/integrity/evm/evm_secfs.c

+4 −2

Original line number	Original line	Diff line number	Diff line
	@@ -253,8 +253,10 @@ static ssize_t evm_write_xattrs(struct file file, const char __user buf,
	out:		out:
	audit_log_format(ab, " res=%d", err);		audit_log_format(ab, " res=%d", err);
	audit_log_end(ab);		audit_log_end(ab);
			if (xattr) {
	kfree(xattr->name);		kfree(xattr->name);
	kfree(xattr);		kfree(xattr);
			}
	return err;		return err;
	}		}