Commit 42413b49 authored by Roberto Sassu's avatar Roberto Sassu Committed by Mimi Zohar

ima: Directly free *entry in ima_alloc_init_template() if digests is NULL

To support multiple template digests, the static array entry->digest has
been replaced with a dynamically allocated array in commit aa724fe1
("ima: Switch to dynamically allocated buffer for template digests"). The
array is allocated in ima_alloc_init_template() and if the returned pointer
is NULL, ima_free_template_entry() is called.

However, (*entry)->template_desc is not yet initialized while it is used by
ima_free_template_entry(). This patch fixes the issue by directly freeing
*entry without calling ima_free_template_entry().

Fixes: aa724fe1 ("ima: Switch to dynamically allocated buffer for template digests")
Reported-by: syzbot+223310b454ba6b75974e@syzkaller.appspotmail.com
Signed-off-by: default avatarRoberto Sassu <roberto.sassu@huawei.com>
Signed-off-by: default avatarMimi Zohar <zohar@linux.ibm.com>
parent 6cc7c266
...@@ -55,8 +55,9 @@ int ima_alloc_init_template(struct ima_event_data *event_data, ...@@ -55,8 +55,9 @@ int ima_alloc_init_template(struct ima_event_data *event_data,
digests = kcalloc(NR_BANKS(ima_tpm_chip) + ima_extra_slots, digests = kcalloc(NR_BANKS(ima_tpm_chip) + ima_extra_slots,
sizeof(*digests), GFP_NOFS); sizeof(*digests), GFP_NOFS);
if (!digests) { if (!digests) {
result = -ENOMEM; kfree(*entry);
goto out; *entry = NULL;
return -ENOMEM;
} }
(*entry)->digests = digests; (*entry)->digests = digests;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment