diff options
| author | Huaxin Lu <luhuaxin1@huawei.com> | 2022-11-03 00:09:49 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2023-01-12 11:58:57 +0100 |
| commit | 3b4984035c404dc20eec0e4b3a02f47aa68866ba (patch) | |
| tree | a28dcc18a3d6edc90fa93caa7258953578ccb852 /security | |
| parent | a843699f1665835666c711eef2f002c81fa22daa (diff) | |
| download | linux-3b4984035c404dc20eec0e4b3a02f47aa68866ba.tar.gz linux-3b4984035c404dc20eec0e4b3a02f47aa68866ba.tar.bz2 linux-3b4984035c404dc20eec0e4b3a02f47aa68866ba.zip | |
ima: Fix a potential NULL pointer access in ima_restore_measurement_list
commit 11220db412edae8dba58853238f53258268bdb88 upstream.
In restore_template_fmt, when kstrdup fails, a non-NULL value will still be
returned, which causes a NULL pointer access in template_desc_init_fields.
Fixes: c7d09367702e ("ima: support restoring multiple template formats")
Cc: stable@kernel.org
Co-developed-by: Jiaming Li <lijiaming30@huawei.com>
Signed-off-by: Jiaming Li <lijiaming30@huawei.com>
Signed-off-by: Huaxin Lu <luhuaxin1@huawei.com>
Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/integrity/ima/ima_template.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_template.c b/security/integrity/ima/ima_template.c index f84a0598e4f6..31a8388e3dfa 100644 --- a/security/integrity/ima/ima_template.c +++ b/security/integrity/ima/ima_template.c @@ -336,8 +336,11 @@ static struct ima_template_desc *restore_template_fmt(char *template_name) template_desc->name = ""; template_desc->fmt = kstrdup(template_name, GFP_KERNEL); - if (!template_desc->fmt) + if (!template_desc->fmt) { + kfree(template_desc); + template_desc = NULL; goto out; + } spin_lock(&template_list); list_add_tail_rcu(&template_desc->list, &defined_templates); |