| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <cc5b4371-0386-fac8-e1f0-9f29a23a15ed@embeddedor.com>
Date: Wed, 28 Aug 2019 13:55:45 -0500
From: "Gustavo A. R. Silva" <gustavo@...eddedor.com>
To: Mimi Zohar <zohar@...ux.ibm.com>,
Dmitry Kasatkin <dmitry.kasatkin@...il.com>,
James Morris <jmorris@...ei.org>,
"Serge E. Hallyn" <serge@...lyn.com>,
Thiago Jung Bauermann <bauerman@...ux.ibm.com>
Cc: linux-integrity@...r.kernel.org,
linux-security-module@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: Re: [PATCH][next] ima: ima_modsig: Fix use-after-free bug in
ima_read_modsig
On 8/28/19 8:50 AM, Mimi Zohar wrote:
> Hi Gustavo,
>
> On Sun, 2019-08-11 at 18:55 -0500, Gustavo A. R. Silva wrote:
>> hdr is being freed and then dereferenced by accessing hdr->pkcs7_msg
>>
>> Fix this by copying the value returned by PTR_ERR(hdr->pkcs7_msg) into
>> automatic variable err for its safe use after freeing hdr.
>>
>> Addresses-Coverity-ID: 1485813 ("Read from pointer after free")
>> Fixes: 39b07096364a ("ima: Implement support for module-style appended signatures")
>> Signed-off-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
>
> This bug was reported Julia and addressed by Thiago on 8/7. If you
> would like to add your Review/Tested-by, the patch can be found in the
> linux-integrity next-queued-testing branch.
>
I'm glad this is fixed now. :)
Yeah, you can add my:
Reviewed-by: Gustavo A. R. Silva <gustavo@...eddedor.com>
Thanks
--
Gustavo
Powered by blists - more mailing lists