diff options
author | Colin Ian King <colin.king@canonical.com> | 2018-05-27 23:55:10 +0100 |
---|---|---|
committer | Mimi Zohar <zohar@linux.vnet.ibm.com> | 2018-05-31 10:13:23 -0400 |
commit | 72acd64df4561593d2ec3227b4aca9b0d7ded50e (patch) | |
tree | 9cca5d1af5523d06fade9771e80e6aac6e8c2487 /security | |
parent | 825b8650dc3dd064969ce343e918d0eb6bf907fb (diff) | |
download | op-kernel-dev-72acd64df4561593d2ec3227b4aca9b0d7ded50e.zip op-kernel-dev-72acd64df4561593d2ec3227b4aca9b0d7ded50e.tar.gz |
EVM: Fix null dereference on xattr when xattr fails to allocate
In the case where the allocation of xattr fails and xattr is NULL, the
error exit return path via label 'out' will dereference xattr when
kfree'ing xattr-name. Fix this by only kfree'ing xattr->name and xattr
when xattr is non-null.
Detected by CoverityScan, CID#1469366 ("Dereference after null check")
Fixes: fa516b66a1bf ("EVM: Allow runtime modification of the set of verified xattrs")
Signed-off-by: Colin Ian King <colin.king@canonical.com>
Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/integrity/evm/evm_secfs.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c index fb8bc95..cf5cd30 100644 --- a/security/integrity/evm/evm_secfs.c +++ b/security/integrity/evm/evm_secfs.c @@ -253,8 +253,10 @@ static ssize_t evm_write_xattrs(struct file *file, const char __user *buf, out: audit_log_format(ab, " res=%d", err); audit_log_end(ab); - kfree(xattr->name); - kfree(xattr); + if (xattr) { + kfree(xattr->name); + kfree(xattr); + } return err; } |