Re: [PATCH] ima: Fix potential NULL pointer access in ima_match_rules()

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, 2023-03-14 at 21:03 +0300, Roman Danilov wrote:
> In ima_match_rules(), when ima_lsm_copy_rule() fails, NULL pointer
> is assigned to lsm_rule. After that, in the next step of the loop
> NULL pointer is dereferenced in lsm_rule->lsm[i].rule.

I must being missing something.  The next step of the loop tests
whether rule_reinitialized is set before accessing lsm_rule-
>lsm[i].rule.

> 
> As far as ima_match_rules() is not designed to return error code,
> add __GFP_NOFAIL to make sure memory allocation succeeds.

Using  __GFP_NOFAIL here would be safer.

> 
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
> 
> Fixes: c7423dbdbc9e ("ima: Handle -ESTALE returned by ima_filter_rule_match()")
> Signed-off-by: Roman Danilov <romanosauce57@xxxxxxxxx>
> Reviewed-by: Alexey Khoroshilov <khoroshilov@xxxxxxxxx>

-- 
thanks,

Mimi
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Linux Kernel]     [Linux Kernel Hardening]     [Linux NFS]     [Linux NILFS]     [Linux USB Devel]     [Video for Linux]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux