| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 23 Aug 2022 10:23:13 +0200
From: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
To: linux-kernel@...r.kernel.org
Cc: Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
stable@...r.kernel.org, Xiyu Yang <xiyuyang19@...an.edu.cn>,
Xin Tan <tanxin.ctf@...il.com>,
Xin Xiong <xiongx18@...an.edu.cn>,
John Johansen <john.johansen@...onical.com>
Subject: [PATCH 5.15 034/244] apparmor: fix reference count leak in aa_pivotroot()
From: Xin Xiong <xiongx18@...an.edu.cn>
commit 11c3627ec6b56c1525013f336f41b79a983b4d46 upstream.
The aa_pivotroot() function has a reference counting bug in a specific
path. When aa_replace_current_label() returns on success, the function
forgets to decrement the reference count of “target”, which is
increased earlier by build_pivotroot(), causing a reference leak.
Fix it by decreasing the refcount of “target” in that path.
Fixes: 2ea3ffb7782a ("apparmor: add mount mediation")
Co-developed-by: Xiyu Yang <xiyuyang19@...an.edu.cn>
Signed-off-by: Xiyu Yang <xiyuyang19@...an.edu.cn>
Co-developed-by: Xin Tan <tanxin.ctf@...il.com>
Signed-off-by: Xin Tan <tanxin.ctf@...il.com>
Signed-off-by: Xin Xiong <xiongx18@...an.edu.cn>
Signed-off-by: John Johansen <john.johansen@...onical.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
security/apparmor/mount.c | 1 +
1 file changed, 1 insertion(+)
--- a/security/apparmor/mount.c
+++ b/security/apparmor/mount.c
@@ -719,6 +719,7 @@ int aa_pivotroot(struct aa_label *label,
aa_put_label(target);
goto out;
}
+ aa_put_label(target);
} else
/* already audited error */
error = PTR_ERR(target);
Powered by blists - more mailing lists