summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorRoberto Sassu <roberto.sassu@huawei.com>2022-11-02 19:30:06 +0300
committerMimi Zohar <zohar@linux.ibm.com>2022-11-03 14:38:28 +0300
commit8c1d6a050a0f16e0a9d32eaf53b965c77279c6f8 (patch)
tree6bd4c0b0843e31337d7a4cbfee93e8a793912861 /security
parentc7423dbdbc9ecef7fff5239d144cad4b9887f4de (diff)
downloadlinux-8c1d6a050a0f16e0a9d32eaf53b965c77279c6f8.tar.xz
ima: Fix memory leak in __ima_inode_hash()
Commit f3cc6b25dcc5 ("ima: always measure and audit files in policy") lets measurement or audit happen even if the file digest cannot be calculated. As a result, iint->ima_hash could have been allocated despite ima_collect_measurement() returning an error. Since ima_hash belongs to a temporary inode metadata structure, declared at the beginning of __ima_inode_hash(), just add a kfree() call if ima_collect_measurement() returns an error different from -ENOMEM (in that case, ima_hash should not have been allocated). Cc: stable@vger.kernel.org Fixes: 280fe8367b0d ("ima: Always return a file measurement in ima_file_hash()") Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Diffstat (limited to 'security')
-rw-r--r--security/integrity/ima/ima_main.c7
1 files changed, 6 insertions, 1 deletions
diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
index 040b03ddc1c7..4a207a3ef7ef 100644
--- a/security/integrity/ima/ima_main.c
+++ b/security/integrity/ima/ima_main.c
@@ -542,8 +542,13 @@ static int __ima_inode_hash(struct inode *inode, struct file *file, char *buf,
rc = ima_collect_measurement(&tmp_iint, file, NULL, 0,
ima_hash_algo, NULL);
- if (rc < 0)
+ if (rc < 0) {
+ /* ima_hash could be allocated in case of failure. */
+ if (rc != -ENOMEM)
+ kfree(tmp_iint.ima_hash);
+
return -EOPNOTSUPP;
+ }
iint = &tmp_iint;
mutex_lock(&iint->mutex);