Thread: 3 messages, 3 authors, 2023-03-28

Re: [PATCH] ima: Fix potential NULL pointer access in ima_match_rules()

From: Mimi Zohar <zohar@linux.ibm.com>
Date: 2023-03-15 00:17:56
Also in: linux-integrity, lkml

On Tue, 2023-03-14 at 21:03 +0300, Roman Danilov wrote:
> In ima_match_rules(), when ima_lsm_copy_rule() fails, a NULL pointer
> is assigned to lsm_rule. After that, in the next step of the loop the
> NULL pointer is dereferenced in lsm_rule->lsm[i].rule.

I must be missing something.  The next step of the loop tests
whether rule_reinitialized is set before accessing lsm_rule->lsm[i].rule.

> Since ima_match_rules() is not designed to return an error code,
> add __GFP_NOFAIL to make sure the memory allocation succeeds.

Using __GFP_NOFAIL here would be safer.

> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: c7423dbdbc9e ("ima: Handle -ESTALE returned by ima_filter_rule_match()")
> Signed-off-by: Roman Danilov <redacted>
> Reviewed-by: Alexey Khoroshilov <redacted>
-- 
thanks,

Mimi