audit: fix error handling in audit_data_to_entry()

Commit 219ca394 ("audit: use union for audit_field values since
they are mutually exclusive") combined a number of separate fields in
the audit_field struct into a single union.  Generally this worked
just fine because they are generally mutually exclusive.
Unfortunately in audit_data_to_entry() the overlap can be a problem
when a specific error case is triggered that causes the error path
code to attempt to cleanup an audit_field struct and the cleanup
involves attempting to free a stored LSM string (the lsm_str field).
Currently the code always has a non-NULL value in the
audit_field.lsm_str field as the top of the for-loop transfers a
value into audit_field.val (both .lsm_str and .val are part of the
same union); if audit_data_to_entry() fails and the audit_field
struct is specified to contain a LSM string, but the
audit_field.lsm_str has not yet been properly set, the error handling
code will attempt to free the bogus audit_field.lsm_str value that
was set with audit_field.val at the top of the for-loop.

This patch corrects this by ensuring that the audit_field.val is only
set when needed (it is cleared when the audit_field struct is
allocated with kcalloc()).  It also corrects a few other issues to
ensure that in case of error the proper error code is returned.

Cc: stable@vger.kernel.org
Fixes: 219ca394 ("audit: use union for audit_field values since they are mutually exclusive")
Reported-by:  <syzbot+1f4d90ead370d72e450b@syzkaller.appspotmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Change-Id: Ic46b21eb3b20bbe1dc9f405ceb870e8c317b4d78
Git-repo: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git


Git-commit: 2ad3e17ebf94b7b7f3f64c050ff168f9915345eb
Signed-off-by: Alam Md Danish <amddan@codeaurora.org>
Signed-off-by: Rahul Shahare <rshaha@codeaurora.org>