R0dn3yS/android_kernel_xiaomi_sm7250
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
6451e3ce91
android_kernel_xiaomi_sm7250/security
History
Gaosheng Cui 90577bcc01 capabilities: fix potential memleak on error path from vfs_getxattr_alloc() 
commit 8cf0a1bc12870d148ae830a4ba88cfdf0e879cee upstream.

In cap_inode_getsecurity(), we will use vfs_getxattr_alloc() to
complete the memory allocation of tmpbuf, if we have completed
the memory allocation of tmpbuf, but failed to call handler->get(...),
there will be a memleak in below logic:

  |-- ret = (int)vfs_getxattr_alloc(mnt_userns, ...)
    |           /* ^^^ alloc for tmpbuf */
    |-- value = krealloc(*xattr_value, error + 1, flags)
    |           /* ^^^ alloc memory */
    |-- error = handler->get(handler, ...)
    |           /* error! */
    |-- *xattr_value = value
    |           /* xattr_value is &tmpbuf (memory leak!) */

So we will try to free(tmpbuf) after vfs_getxattr_alloc() fails to fix it.

Cc: stable@vger.kernel.org
Fixes: 8db6c34f1d ("Introduce v3 namespaced file capabilities")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
Acked-by: Serge Hallyn <serge@hallyn.com>
[PM: subject line and backtrace tweaks]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-11-10 17:46:55 +01:00
..
apparmor apparmor: Fix memleak in aa_simple_write_to_buffer() 2022-08-25 11:15:36 +02:00
integrity ima: Free the entire rule if it fails to parse 2022-10-05 10:36:45 +02:00
keys KEYS: trusted: Fix migratable=1 failing 2021-03-04 09:39:53 +01:00
loadpin module: replace the existing LSM hook in init_module 2018-07-16 12:31:57 -07:00
selinux selinux: Add boundary check in put_entry() 2022-08-25 11:15:00 +02:00
smack Fix incorrect type in assignment of ipv6 port for audit 2022-04-15 14:14:54 +02:00
tomoyo TOMOYO: fix __setup handlers return values 2022-04-15 14:14:48 +02:00
yama Yama: Check for pid death before checking ancestry 2019-01-22 21:40:32 +01:00
commoncap.c capabilities: fix potential memleak on error path from vfs_getxattr_alloc() 2022-11-10 17:46:55 +01:00
device_cgroup.c device_cgroup: fix RCU imbalance in error case 2019-04-27 09:36:40 +02:00
inode.c securityfs: fix use-after-free on symlink traversal 2019-05-25 18:23:42 +02:00
Kconfig fortify: Explicitly disable Clang support 2021-11-26 11:36:18 +01:00
lsm_audit.c dump_common_audit_data(): fix racy accesses to ->d_name 2021-01-19 18:22:37 +01:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
min_addr.c License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
security.c binder: use cred instead of task for selinux checks 2021-11-26 11:35:56 +01:00