* [PATCH] ima: Fix a use after free in ima_read_modsig()
@ 2019-08-08 10:33 Dan Carpenter
2019-08-08 11:17 ` Mimi Zohar
0 siblings, 1 reply; 4+ messages in thread
From: Dan Carpenter @ 2019-08-08 10:33 UTC (permalink / raw)
To: Mimi Zohar, Thiago Jung Bauermann
Cc: Dmitry Kasatkin, James Morris, Serge E. Hallyn, linux-integrity,
linux-security-module, kernel-janitors
This code frees "hdr" and then dereferences it on the next line to get
the error code.
Fixes: 39b07096364a ("ima: Implement support for module-style appended signatures")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
security/integrity/ima/ima_modsig.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/security/integrity/ima/ima_modsig.c b/security/integrity/ima/ima_modsig.c
index c412e31d1714..d106885cc495 100644
--- a/security/integrity/ima/ima_modsig.c
+++ b/security/integrity/ima/ima_modsig.c
@@ -91,8 +91,9 @@ int ima_read_modsig(enum ima_hooks func, const void *buf, loff_t buf_len,
hdr->pkcs7_msg = pkcs7_parse_message(buf + buf_len, sig_len);
if (IS_ERR(hdr->pkcs7_msg)) {
+ rc = PTR_ERR(hdr->pkcs7_msg);
kfree(hdr);
- return PTR_ERR(hdr->pkcs7_msg);
+ return rc;
}
memcpy(hdr->raw_pkcs7, buf + buf_len, sig_len);
--
2.20.1
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] ima: Fix a use after free in ima_read_modsig()
2019-08-08 10:33 [PATCH] ima: Fix a use after free in ima_read_modsig() Dan Carpenter
@ 2019-08-08 11:17 ` Mimi Zohar
2019-08-08 11:45 ` Dan Carpenter
0 siblings, 1 reply; 4+ messages in thread
From: Mimi Zohar @ 2019-08-08 11:17 UTC (permalink / raw)
To: Dan Carpenter, Thiago Jung Bauermann
Cc: Dmitry Kasatkin, James Morris, Serge E. Hallyn, linux-integrity,
linux-security-module, kernel-janitors
On Thu, 2019-08-08 at 13:33 +0300, Dan Carpenter wrote:
> This code frees "hdr" and then dereferences it on the next line to get
> the error code.
>
> Fixes: 39b07096364a ("ima: Implement support for module-style appended signatures")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
Thanks, Dan. Julia already reported this. Thiago posted a patch last
night. Just getting to it now. Can I add your Reviewed-by or Tested-
by?
Mimi
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] ima: Fix a use after free in ima_read_modsig()
2019-08-08 11:17 ` Mimi Zohar
@ 2019-08-08 11:45 ` Dan Carpenter
2019-08-08 11:55 ` Mimi Zohar
0 siblings, 1 reply; 4+ messages in thread
From: Dan Carpenter @ 2019-08-08 11:45 UTC (permalink / raw)
To: Mimi Zohar
Cc: Thiago Jung Bauermann, Dmitry Kasatkin, James Morris,
Serge E. Hallyn, linux-integrity, linux-security-module,
kernel-janitors
On Thu, Aug 08, 2019 at 07:17:22AM -0400, Mimi Zohar wrote:
> On Thu, 2019-08-08 at 13:33 +0300, Dan Carpenter wrote:
> > This code frees "hdr" and then dereferences it on the next line to get
> > the error code.
> >
> > Fixes: 39b07096364a ("ima: Implement support for module-style appended signatures")
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>
> Thanks, Dan. Julia already reported this. Thiago posted a patch last
> night. Just getting to it now. Can I add your Reviewed-by or Tested-
> by?
I haven't seen the other patch so Reviewed-by seems like the wrong
thing. I don't really need any sort of credit. I'm just going through
my backlog of warnings from being out of office. Perhaps Reported-by?
regards,
dan carpenter
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] ima: Fix a use after free in ima_read_modsig()
2019-08-08 11:45 ` Dan Carpenter
@ 2019-08-08 11:55 ` Mimi Zohar
0 siblings, 0 replies; 4+ messages in thread
From: Mimi Zohar @ 2019-08-08 11:55 UTC (permalink / raw)
To: Dan Carpenter
Cc: Thiago Jung Bauermann, Dmitry Kasatkin, James Morris,
Serge E. Hallyn, linux-integrity, linux-security-module,
kernel-janitors
On Thu, 2019-08-08 at 14:45 +0300, Dan Carpenter wrote:
> On Thu, Aug 08, 2019 at 07:17:22AM -0400, Mimi Zohar wrote:
> > On Thu, 2019-08-08 at 13:33 +0300, Dan Carpenter wrote:
> > > This code frees "hdr" and then dereferences it on the next line to get
> > > the error code.
> > >
> > > Fixes: 39b07096364a ("ima: Implement support for module-style appended signatures")
> > > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> >
> > Thanks, Dan. Julia already reported this. Thiago posted a patch last
> > night. Just getting to it now. Can I add your Reviewed-by or Tested-
> > by?
>
> I haven't seen the other patch so Reviewed-by seems like the wrong
> thing. I don't really need any sort of credit. I'm just going through
> my backlog of warnings from being out of office. Perhaps Reported-by?
That works. FYI, your solution and Thiago's are exactly the same.[1]
Mimi
[1] https://lore.kernel.org/linux-integrity/8736ico5ax.fsf@morokweng.localdomain/T/#u
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2019-08-08 11:55 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-08 10:33 [PATCH] ima: Fix a use after free in ima_read_modsig() Dan Carpenter
2019-08-08 11:17 ` Mimi Zohar
2019-08-08 11:45 ` Dan Carpenter
2019-08-08 11:55 ` Mimi Zohar
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).