Commit b9f93793 authored Jan 16, 2019 by James Morris Committed by Greg Kroah-Hartman Jan 23, 2019

LSM: Check for NULL cred-security on free



commit a5795fd38ee8194451ba3f281f075301a3696ce2 upstream.

From: Casey Schaufler <casey@schaufler-ca.com>

Check that the cred security blob has been set before trying
to clean it up. There is a case during credential initialization
that could result in this.

Signed-off-by: Casey Schaufler <casey@schaufler-ca.com>
Acked-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: James Morris <james.morris@microsoft.com>
Reported-by:  <syzbot+69ca07954461f189e808@syzkaller.appspotmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>

parent 993e65a6

security/security.c

+7 −0

Original line number	Diff line number	Diff line
		@@ -993,6 +993,13 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)

		void security_cred_free(struct cred *cred)
		{
		/*
		* There is a failure case in prepare_creds() that
		* may result in a call here with ->security being NULL.
		*/
		if (unlikely(cred->security == NULL))
		return;

		call_void_hook(cred_free, cred);
		}