提交 37b71411 编写于 作者: L Linus Torvalds

Merge tag 'audit-pr-20180731' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit

Pull audit fix from Paul Moore:
 "A single small audit fix to guard against memory allocation failures
  when logging information about a kernel module load.

  It's small, easy to understand, and self-contained; while nothing is
  zero risk, this should be pretty low"

* tag 'audit-pr-20180731' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
  audit: fix potential null dereference 'context->module.name'
...@@ -1279,8 +1279,12 @@ static void show_special(struct audit_context *context, int *call_panic) ...@@ -1279,8 +1279,12 @@ static void show_special(struct audit_context *context, int *call_panic)
break; break;
case AUDIT_KERN_MODULE: case AUDIT_KERN_MODULE:
audit_log_format(ab, "name="); audit_log_format(ab, "name=");
audit_log_untrustedstring(ab, context->module.name); if (context->module.name) {
kfree(context->module.name); audit_log_untrustedstring(ab, context->module.name);
kfree(context->module.name);
} else
audit_log_format(ab, "(null)");
break; break;
} }
audit_log_end(ab); audit_log_end(ab);
...@@ -2411,8 +2415,9 @@ void __audit_log_kern_module(char *name) ...@@ -2411,8 +2415,9 @@ void __audit_log_kern_module(char *name)
{ {
struct audit_context *context = audit_context(); struct audit_context *context = audit_context();
context->module.name = kmalloc(strlen(name) + 1, GFP_KERNEL); context->module.name = kstrdup(name, GFP_KERNEL);
strcpy(context->module.name, name); if (!context->module.name)
audit_log_lost("out of memory in __audit_log_kern_module");
context->type = AUDIT_KERN_MODULE; context->type = AUDIT_KERN_MODULE;
} }
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册