[PATCH][next] ima: ima_modsig: Fix use-after-free bug in ima_read_modsig

Gustavo A. R. Silva gustavo at embeddedor.com
Wed Aug 28 18:55:45 UTC 2019



On 8/28/19 8:50 AM, Mimi Zohar wrote:
> Hi Gustavo,
> 
> On Sun, 2019-08-11 at 18:55 -0500, Gustavo A. R. Silva wrote:
>> hdr is being freed and then dereferenced by accessing hdr->pkcs7_msg
>>
>> Fix this by copying the value returned by PTR_ERR(hdr->pkcs7_msg) into
>> automatic variable err for its safe use after freeing hdr.
>>
>> Addresses-Coverity-ID: 1485813 ("Read from pointer after free")
>> Fixes: 39b07096364a ("ima: Implement support for module-style appended signatures")
>> Signed-off-by: Gustavo A. R. Silva <gustavo at embeddedor.com>
> 
> This bug was reported Julia and addressed by Thiago on 8/7. If you
> would like to add your Review/Tested-by, the patch can be found in the
> linux-integrity next-queued-testing branch.
> 

I'm glad this is fixed now. :)

Yeah, you can add my:

Reviewed-by: Gustavo A. R. Silva <gustavo at embeddedor.com>

Thanks
--
Gustavo



More information about the Linux-security-module-archive mailing list