From: Tyler Hicks <tyhicks@linux.microsoft.com>
To: Mimi Zohar <zohar@linux.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@gmail.com>
Cc: James Morris <jmorris@namei.org>,
"Serge E . Hallyn" <serge@hallyn.com>,
Lakshmi Ramasubramanian <nramas@linux.microsoft.com>,
Prakhar Srivastava <prsriva02@gmail.com>,
linux-kernel@vger.kernel.org, linux-integrity@vger.kernel.org,
linux-security-module@vger.kernel.org
Subject: [PATCH 04/12] ima: Free the entire rule if it fails to parse
Date: Mon, 22 Jun 2020 19:32:28 -0500 [thread overview]
Message-ID: <20200623003236.830149-5-tyhicks@linux.microsoft.com> (raw)
In-Reply-To: <20200623003236.830149-1-tyhicks@linux.microsoft.com>
Use ima_free_rule() to fix memory leaks of allocated ima_rule_entry
members, such as .fsname and .keyrings, when an error is encountered
during rule parsing.
Set the args_p pointer to NULL after freeing it in the error path of
ima_lsm_rule_init() so that it isn't freed twice.
This fixes a memory leak seen when loading an rule that contains an
additional piece of allocated memory, such as an fsname, followed by an
invalid conditional:
# echo "measure fsname=tmpfs bad=cond" > /sys/kernel/security/ima/policy
-bash: echo: write error: Invalid argument
# echo scan > /sys/kernel/debug/kmemleak
# cat /sys/kernel/debug/kmemleak
unreferenced object 0xffff98e7e4ece6c0 (size 8):
comm "bash", pid 672, jiffies 4294791843 (age 21.855s)
hex dump (first 8 bytes):
74 6d 70 66 73 00 6b a5 tmpfs.k.
backtrace:
[<00000000abab7413>] kstrdup+0x2e/0x60
[<00000000f11ede32>] ima_parse_add_rule+0x7d4/0x1020
[<00000000f883dd7a>] ima_write_policy+0xab/0x1d0
[<00000000b17cf753>] vfs_write+0xde/0x1d0
[<00000000b8ddfdea>] ksys_write+0x68/0xe0
[<00000000b8e21e87>] do_syscall_64+0x56/0xa0
[<0000000089ea7b98>] entry_SYSCALL_64_after_hwframe+0x44/0xa9
Fixes: f1b08bbcbdaf ("ima: define a new policy condition based on the filesystem name")
Fixes: 2b60c0ecedf8 ("IMA: Read keyrings= option from the IMA policy")
Signed-off-by: Tyler Hicks <tyhicks@linux.microsoft.com>
---
security/integrity/ima/ima_policy.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/security/integrity/ima/ima_policy.c b/security/integrity/ima/ima_policy.c
index 94ca3b8abb69..ee5152ecd3d9 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -919,6 +919,7 @@ static int ima_lsm_rule_init(struct ima_rule_entry *entry,
if (ima_rules == &ima_default_rules) {
kfree(entry->lsm[lsm_rule].args_p);
+ entry->lsm[lsm_rule].args_p = NULL;
result = -EINVAL;
} else
result = 0;
@@ -1410,7 +1411,7 @@ ssize_t ima_parse_add_rule(char *rule)
result = ima_parse_rule(p, entry);
if (result) {
- kfree(entry);
+ ima_free_rule(entry);
integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL,
NULL, op, "invalid-policy", result,
audit_info);
--
2.25.1
next prev parent reply other threads:[~2020-06-23 0:35 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-06-23 0:32 [PATCH 00/12] ima: Fix rule parsing bugs and extend KEXEC_CMDLINE rule support Tyler Hicks
2020-06-23 0:32 ` Tyler Hicks
2020-06-23 0:32 ` [PATCH 01/12] ima: Have the LSM free its audit rule Tyler Hicks
2020-06-23 0:55 ` Casey Schaufler
2020-06-23 3:04 ` Tyler Hicks
2020-06-23 23:04 ` Tyler Hicks
2020-06-25 19:41 ` Mimi Zohar
2020-06-23 0:32 ` [PATCH 02/12] ima: Create a function to free a rule entry Tyler Hicks
2020-06-25 19:33 ` Mimi Zohar
2020-06-25 19:56 ` Tyler Hicks
2020-06-25 20:32 ` Mimi Zohar
2020-06-23 0:32 ` [PATCH 03/12] ima: Free the entire rule when deleting a list of rules Tyler Hicks
2020-06-25 21:05 ` Mimi Zohar
2020-06-25 21:07 ` Mimi Zohar
2020-06-25 21:08 ` Mimi Zohar
2020-06-23 0:32 ` Tyler Hicks [this message]
2020-06-23 0:32 ` [PATCH 05/12] ima: Fail rule parsing when buffer hook functions have an invalid action Tyler Hicks
2020-06-25 21:51 ` Mimi Zohar
2020-06-23 0:32 ` [PATCH 06/12] ima: Fail rule parsing when the KEXEC_CMDLINE hook is combined with an invalid cond Tyler Hicks
2020-06-25 21:53 ` Mimi Zohar
2020-06-23 0:32 ` [PATCH 07/12] ima: Fail rule parsing when the KEY_CHECK " Tyler Hicks
2020-06-23 0:32 ` [PATCH 08/12] ima: Shallow copy the args_p member of ima_rule_entry.lsm elements Tyler Hicks
2020-06-25 21:18 ` Mimi Zohar
2020-06-23 0:32 ` [PATCH 09/12] ima: Use correct type for " Tyler Hicks
2020-06-25 21:20 ` Mimi Zohar
2020-06-23 0:32 ` [PATCH 10/12] ima: Move validation of the keyrings conditional into ima_validate_rule() Tyler Hicks
2020-06-25 19:50 ` Tyler Hicks
2020-06-25 20:46 ` Mimi Zohar
2020-06-23 0:32 ` [PATCH 11/12] ima: Use the common function to detect LSM conditionals in a rule Tyler Hicks
2020-06-25 22:45 ` Mimi Zohar
2020-06-23 0:32 ` [PATCH 12/12] ima: Support additional conditionals in the KEXEC_CMDLINE hook function Tyler Hicks
2020-06-23 0:32 ` Tyler Hicks
2020-06-25 22:56 ` Mimi Zohar
2020-06-25 22:56 ` Mimi Zohar
2020-06-25 22:59 ` Tyler Hicks
2020-06-25 22:59 ` Tyler Hicks
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20200623003236.830149-5-tyhicks@linux.microsoft.com \
--to=tyhicks@linux.microsoft.com \
--cc=dmitry.kasatkin@gmail.com \
--cc=jmorris@namei.org \
--cc=linux-integrity@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=nramas@linux.microsoft.com \
--cc=prsriva02@gmail.com \
--cc=serge@hallyn.com \
--cc=zohar@linux.ibm.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.