[PATCH] apparmor: fix reference count leak in aa_pivotroot()
John Johansen
john.johansen at canonical.com
Thu May 19 08:58:11 UTC 2022
On 4/27/22 20:39, Xin Xiong wrote:
> The aa_pivotroot() function has a reference counting bug in a specific
> path. When aa_replace_current_label() returns on success, the function
> forgets to decrement the reference count of “target”, which is
> increased earlier by build_pivotroot(), causing a reference leak.
>
> Fix it by decreasing the refcount of “target” in that path.
>
> Fixes: 2ea3ffb7782a ("apparmor: add mount mediation")
> Co-developed-by: Xiyu Yang <xiyuyang19 at fudan.edu.cn>
> Signed-off-by: Xiyu Yang <xiyuyang19 at fudan.edu.cn>
> Co-developed-by: Xin Tan <tanxin.ctf at gmail.com>
> Signed-off-by: Xin Tan <tanxin.ctf at gmail.com>
> Signed-off-by: Xin Xiong <xiongx18 at fudan.edu.cn>
thanks I have pulled it into my tree
Acked-by: John Johansen <john.johansen at canonical.com>
> ---
> security/apparmor/mount.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c
> index aa6fcfde3051..d0b19ab9137d 100644
> --- a/security/apparmor/mount.c
> +++ b/security/apparmor/mount.c
> @@ -718,6 +718,7 @@ int aa_pivotroot(struct aa_label *label, const struct path *old_path,
> aa_put_label(target);
> goto out;
> }
> + aa_put_label(target);
> } else
> /* already audited error */
> error = PTR_ERR(target);
More information about the Linux-security-module-archive
mailing list