[PATCH][next] ima: ima_modsig: Fix use-after-free bug in ima_read_modsig
Mimi Zohar
zohar at linux.ibm.com
Wed Aug 28 13:50:15 UTC 2019
Hi Gustavo,
On Sun, 2019-08-11 at 18:55 -0500, Gustavo A. R. Silva wrote:
> hdr is being freed and then dereferenced by accessing hdr->pkcs7_msg
>
> Fix this by copying the value returned by PTR_ERR(hdr->pkcs7_msg) into
> automatic variable err for its safe use after freeing hdr.
>
> Addresses-Coverity-ID: 1485813 ("Read from pointer after free")
> Fixes: 39b07096364a ("ima: Implement support for module-style appended signatures")
> Signed-off-by: Gustavo A. R. Silva <gustavo at embeddedor.com>
This bug was reported Julia and addressed by Thiago on 8/7. If you
would like to add your Review/Tested-by, the patch can be found in the
linux-integrity next-queued-testing branch.
thanks,
Mimi
More information about the Linux-security-module-archive
mailing list