| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <90e259e4-6877-ee1e-ed6e-aa972f305126@canonical.com>
Date: Wed, 24 Aug 2022 10:10:05 -0700
From: John Johansen <john.johansen@...onical.com>
To: Gaosheng Cui <cuigaosheng1@...wei.com>, paul@...l-moore.com,
jmorris@...ei.org, serge@...lyn.com
Cc: apparmor@...ts.ubuntu.com, linux-security-module@...r.kernel.org,
linux-kernel@...r.kernel.org
Subject: Re: [PATCH] apparmor: fix a memleak in multi_transaction_new()
On 8/22/22 18:15, Gaosheng Cui wrote:
> In multi_transaction_new(), the variable t is not freed or passed out
> on the failure of copy_from_user(t->data, buf, size), which could lead
> to a memleak.
>
> Fix this bug by adding a put_multi_transaction(t) in the error path.
>
> Fixes: 1dea3b41e84c5 ("apparmor: speed up transactional queries")
> Signed-off-by: Gaosheng Cui <cuigaosheng1@...wei.com>
yep, thanks. I will pull this into apparmor-next
Acked-by: John Johansen <john.johansen@...onical.com>
> ---
> security/apparmor/apparmorfs.c | 4 +++-
> 1 file changed, 3 insertions(+), 1 deletion(-)
>
> diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
> index d066ccc219e2..7160e7aa58b9 100644
> --- a/security/apparmor/apparmorfs.c
> +++ b/security/apparmor/apparmorfs.c
> @@ -868,8 +868,10 @@ static struct multi_transaction *multi_transaction_new(struct file *file,
> if (!t)
> return ERR_PTR(-ENOMEM);
> kref_init(&t->count);
> - if (copy_from_user(t->data, buf, size))
> + if (copy_from_user(t->data, buf, size)) {
> + put_multi_transaction(t);
> return ERR_PTR(-EFAULT);
> + }
>
> return t;
> }
Powered by blists - more mailing lists