On 9/6/22 15:50, Mimi Zohar wrote:
On failure to read TPM 2.0 bank PCRs 'errmsg' is not properly set to
NULL after being freed. Fix potential use after free.
Fixes: 3472f9ba9c05 ("ima-evm-utils: read the PCRs for the requested TPM banks")
Reviewed-by: Petr Vorel <pvorel@xxxxxxx>
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
---
src/evmctl.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/evmctl.c b/src/evmctl.c
index fa588e0caba2..a497b1a468d6 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -2075,6 +2075,7 @@ static int read_tpm_banks(int num_banks, struct tpm_bank_info *bank)
log_debug("Failed to read %s PCRs: (%s)\n",
bank[i].algo_name, errmsg);
free(errmsg);
+ errmsg = NULL;
bank[i].supported = 0;
}
}
