[PATCH][next] ima: ima_modsig: Fix use-after-free bug in ima_read_modsig

Mimi Zohar zohar at linux.ibm.com
Wed Aug 28 13:50:15 UTC 2019


Hi Gustavo,

On Sun, 2019-08-11 at 18:55 -0500, Gustavo A. R. Silva wrote:
> hdr is being freed and then dereferenced by accessing hdr->pkcs7_msg
> 
> Fix this by copying the value returned by PTR_ERR(hdr->pkcs7_msg) into
> automatic variable err for its safe use after freeing hdr.
> 
> Addresses-Coverity-ID: 1485813 ("Read from pointer after free")
> Fixes: 39b07096364a ("ima: Implement support for module-style appended signatures")
> Signed-off-by: Gustavo A. R. Silva <gustavo at embeddedor.com>

This bug was reported Julia and addressed by Thiago on 8/7. If you
would like to add your Review/Tested-by, the patch can be found in the
linux-integrity next-queued-testing branch.

thanks,

Mimi



More information about the Linux-security-module-archive mailing list