[PATCH -next] Revert "evm: Fix memleak in init_desc"
xiujianfeng
xiujianfeng at huawei.com
Sat Jun 11 03:24:54 UTC 2022
在 2022/6/10 22:20, Mimi Zohar 写道:
> On Fri, 2022-05-27 at 19:17 +0800, Xiu Jianfeng wrote:
>> This reverts commit ccf11dbaa07b328fa469415c362d33459c140a37.
>>
>> Commit ccf11dbaa07b ("evm: Fix memleak in init_desc") said there is
>> memleak in init_desc. That may be incorrect, as we can see, tmp_tfm is
>> saved in one of the two global variables hmac_tfm ohr evm_tfm[hash_algo],
>> then if init_desc is called next time, there is no need to alloc tfm
>> again, so in the error path of kmalloc desc or crypto_shash_init(desc),
>> It is not a problem without freeing tmp_tfm.
>>
>> And also that commit did not reset the global variable to NULL after
>> freeing tmp_tfm and this makes *tfm a dangling pointer which may cause a
>> UAF issue.
>>
>> Signed-off-by: Xiu Jianfeng <xiujianfeng at huawei.com>
> Agreed, thanks. This was first reported by Guozihua (Scott) <
> guozihua at huawei.com>. If neither you nor Scott object, I'll add his
> Reported-by tag.
Good for me, thanks.
>
> thanks,
>
> Mimi
>
>
>
>
>
> .
More information about the Linux-security-module-archive
mailing list