EVM: Fix null dereference on xattr when xattr fails to allocate

In the case where the allocation of xattr fails and xattr is NULL, the error exit return path via label 'out' will dereference xattr when kfree'ing xattr-name. Fix this by only kfree'ing xattr->name and xattr when xattr is non-null. Detected by CoverityScan, CID#1469366 ("Dereference after null check") Fixes: fa516b66 ("EVM: Allow runtime modification of the set of verified xattrs") Signed-off-by: N Colin Ian King <colin.king@canonical.com> Signed-off-by: N Mimi Zohar <zohar@linux.vnet.ibm.com>

EVM: Fix null dereference on xattr when xattr fails to allocate
In the case where the allocation of xattr fails and xattr is NULL, the error exit return path via label 'out' will dereference xattr when kfree'ing xattr-name. Fix this by only kfree'ing xattr->name and xattr when xattr is non-null. Detected by CoverityScan, CID#1469366 ("Dereference after null check") Fixes: fa516b66 ("EVM: Allow runtime modification of the set of verified xattrs") Signed-off-by: N Colin Ian King <colin.king@canonical.com> Signed-off-by: N Mimi Zohar <zohar@linux.vnet.ibm.com>
72acd64d · Colin Ian King · Mimi Zohar · 825b8650 · 72acd64d
隐藏空白更改
内联并排

Showing with 4 addition and 2 deletion

security/integrity/evm/evm_secfs.c security/integrity/evm/evm_secfs.c +4 -2

未找到文件。
--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -253,8 +253,10 @@ static ssize_t evm_write_xattrs(struct file *file, const char __user *buf,
 out:
 	audit_log_format(ab, " res=%d", err);
 	audit_log_end(ab);
-	kfree(xattr->name);
+	if (xattr) {
-	kfree(xattr);
+		kfree(xattr->name);
+		kfree(xattr);
+	}
 	return err;
 }