LSM: Check for NULL cred-security on free

commit a5795fd3 upstream. From: Casey Schaufler <casey@schaufler-ca.com> Check that the cred security blob has been set before trying to clean it up. There is a case during credential initialization that could result in this. Signed-off-by: N Casey Schaufler <casey@schaufler-ca.com> Acked-by: N John Johansen <john.johansen@canonical.com> Signed-off-by: N James Morris <james.morris@microsoft.com> Reported-by: syzbot+69ca07954461f189e808@syzkaller.appspotmail.com Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>

LSM: Check for NULL cred-security on free
commit a5795fd3 upstream. From: Casey Schaufler <casey@schaufler-ca.com> Check that the cred security blob has been set before trying to clean it up. There is a case during credential initialization that could result in this. Signed-off-by: N Casey Schaufler <casey@schaufler-ca.com> Acked-by: N John Johansen <john.johansen@canonical.com> Signed-off-by: N James Morris <james.morris@microsoft.com> Reported-by: syzbot+69ca07954461f189e808@syzkaller.appspotmail.com Signed-off-by: N Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: N Yang Yingliang <yangyingliang@huawei.com>
f71d4b76 · James Morris · Xie XiuQi · 690eac27 · f71d4b76
隐藏空白更改
内联并排

Showing with 7 addition and 0 deletion

security/security.c security/security.c +7 -0

未找到文件。
--- a/security/security.c
+++ b/security/security.c
@@ -1003,6 +1003,13 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)

 void security_cred_free(struct cred *cred)
 {
+	/*
+	 * There is a failure case in prepare_creds() that
+	 * may result in a call here with ->security being NULL.
+	 */
+	if (unlikely(cred->security == NULL))
+		return;
+
 	call_void_hook(cred_free, cred);
 }