Patch "ima: Fix a potential NULL pointer access in ima_restore_measurement_list" has been added to the 6.0-stable tree

<gregkh@xxxxxxxxxxxxxxxxxxx> · Wed, 04 Jan 2023 15:47:44 +0100

This is a note to let you know that I've just added the patch titled

    ima: Fix a potential NULL pointer access in ima_restore_measurement_list

to the 6.0-stable tree which can be found at:
    http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary

The filename of the patch is:
     ima-fix-a-potential-null-pointer-access-in-ima_restore_measurement_list.patch
and it can be found in the queue-6.0 subdirectory.

If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.


>From 11220db412edae8dba58853238f53258268bdb88 Mon Sep 17 00:00:00 2001
From: Huaxin Lu <luhuaxin1@xxxxxxxxxx>
Date: Thu, 3 Nov 2022 00:09:49 +0800
Subject: ima: Fix a potential NULL pointer access in ima_restore_measurement_list

From: Huaxin Lu <luhuaxin1@xxxxxxxxxx>

commit 11220db412edae8dba58853238f53258268bdb88 upstream.

In restore_template_fmt, when kstrdup fails, a non-NULL value will still be
returned, which causes a NULL pointer access in template_desc_init_fields.

Fixes: c7d09367702e ("ima: support restoring multiple template formats")
Cc: stable@xxxxxxxxxx
Co-developed-by: Jiaming Li <lijiaming30@xxxxxxxxxx>
Signed-off-by: Jiaming Li <lijiaming30@xxxxxxxxxx>
Signed-off-by: Huaxin Lu <luhuaxin1@xxxxxxxxxx>
Reviewed-by: Stefan Berger <stefanb@xxxxxxxxxxxxx>
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
 security/integrity/ima/ima_template.c |    5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

--- a/security/integrity/ima/ima_template.c
+++ b/security/integrity/ima/ima_template.c
@@ -340,8 +340,11 @@ static struct ima_template_desc *restore
 
 	template_desc->name = "";
 	template_desc->fmt = kstrdup(template_name, GFP_KERNEL);
-	if (!template_desc->fmt)
+	if (!template_desc->fmt) {
+		kfree(template_desc);
+		template_desc = NULL;
 		goto out;
+	}
 
 	spin_lock(&template_list);
 	list_add_tail_rcu(&template_desc->list, &defined_templates);


Patches currently in stable-queue which might be from luhuaxin1@xxxxxxxxxx are

queue-6.0/ima-fix-a-potential-null-pointer-access-in-ima_restore_measurement_list.patch






