summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorColin Ian King <colin.king@canonical.com>2018-05-28 00:55:10 +0200
committerMimi Zohar <zohar@linux.vnet.ibm.com>2018-05-31 16:13:23 +0200
commit72acd64df4561593d2ec3227b4aca9b0d7ded50e (patch)
tree9cca5d1af5523d06fade9771e80e6aac6e8c2487
parentEVM: fix memory leak of temporary buffer 'temp' (diff)
downloadlinux-72acd64df4561593d2ec3227b4aca9b0d7ded50e.tar.xz
linux-72acd64df4561593d2ec3227b4aca9b0d7ded50e.zip
EVM: Fix null dereference on xattr when xattr fails to allocate
In the case where the allocation of xattr fails and xattr is NULL, the error exit return path via label 'out' will dereference xattr when kfree'ing xattr-name. Fix this by only kfree'ing xattr->name and xattr when xattr is non-null. Detected by CoverityScan, CID#1469366 ("Dereference after null check") Fixes: fa516b66a1bf ("EVM: Allow runtime modification of the set of verified xattrs") Signed-off-by: Colin Ian King <colin.king@canonical.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
-rw-r--r--security/integrity/evm/evm_secfs.c6
1 files changed, 4 insertions, 2 deletions
diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
index fb8bc950aceb..cf5cd303d7c0 100644
--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -253,8 +253,10 @@ static ssize_t evm_write_xattrs(struct file *file, const char __user *buf,
out:
audit_log_format(ab, " res=%d", err);
audit_log_end(ab);
- kfree(xattr->name);
- kfree(xattr);
+ if (xattr) {
+ kfree(xattr->name);
+ kfree(xattr);
+ }
return err;
}