lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:	Mon,  5 Dec 2011 16:38:36 +0100
From:	Roberto Sassu <roberto.sassu@...ito.it>
To:	linux-security-module@...r.kernel.org
Cc:	linux-kernel@...r.kernel.org, zohar@...ux.vnet.ibm.com,
	srajiv@...ux.vnet.ibm.com, jmorris@...ei.org,
	Roberto Sassu <roberto.sassu@...ito.it>
Subject: [PATCH] ima: fix memory leak and invalid memory reference bugs

This patch frees the memory of measurements entries that have already
been inserted in the measurements list and prevent the release when the
PCR extend operation failed.

Signed-off-by: Roberto Sassu <roberto.sassu@...ito.it>
---
 security/integrity/ima/ima_api.c   |    4 ++--
 security/integrity/ima/ima_queue.c |   10 ++++++----
 2 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
index 0d50df0..88a2788 100644
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -178,8 +178,8 @@ void ima_store_measurement(struct integrity_iint_cache *iint,
 	strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX);
 
 	result = ima_store_template(entry, violation, inode);
-	if (!result)
+	if (!result || result == -EEXIST)
 		iint->flags |= IMA_MEASURED;
-	else
+	if (result < 0)
 		kfree(entry);
 }
diff --git a/security/integrity/ima/ima_queue.c b/security/integrity/ima/ima_queue.c
index 8e28f04..0fe41b81 100644
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -94,7 +94,8 @@ static int ima_pcr_extend(const u8 *hash)
 
 	result = tpm_pcr_extend(TPM_ANY_NUM, CONFIG_IMA_MEASURE_PCR_IDX, hash);
 	if (result != 0)
-		pr_err("IMA: Error Communicating to TPM chip\n");
+		pr_err("IMA: Error Communicating to TPM chip, result: %d\n",
+		       result);
 	return result;
 }
 
@@ -107,13 +108,14 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
 	u8 digest[IMA_DIGEST_SIZE];
 	const char *audit_cause = "hash_added";
 	int audit_info = 1;
-	int result = 0;
+	int result = 0, tpmresult = 0;
 
 	mutex_lock(&ima_extend_list_mutex);
 	if (!violation) {
 		memcpy(digest, entry->digest, sizeof digest);
 		if (ima_lookup_digest_entry(digest)) {
 			audit_cause = "hash_exists";
+			result = -EEXIST;
 			goto out;
 		}
 	}
@@ -128,8 +130,8 @@ int ima_add_template_entry(struct ima_template_entry *entry, int violation,
 	if (violation)		/* invalidate pcr */
 		memset(digest, 0xff, sizeof digest);
 
-	result = ima_pcr_extend(digest);
-	if (result != 0) {
+	tpmresult = ima_pcr_extend(digest);
+	if (tpmresult != 0) {
 		audit_cause = "TPM error";
 		audit_info = 0;
 	}
-- 
1.7.6.4


Download attachment "smime.p7s" of type "application/x-pkcs7-signature" (2061 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ