[PATCH] ima: Fix potential NULL pointer access in ima_match_rules()
Mimi Zohar
zohar at linux.ibm.com
Wed Mar 15 00:17:02 UTC 2023
On Tue, 2023-03-14 at 21:03 +0300, Roman Danilov wrote:
> In ima_match_rules(), when ima_lsm_copy_rule() fails, NULL pointer
> is assigned to lsm_rule. After that, in the next step of the loop
> NULL pointer is dereferenced in lsm_rule->lsm[i].rule.
I must be missing something. The next step of the loop tests
whether rule_reinitialized is set before accessing
lsm_rule->lsm[i].rule.
>
> As far as ima_match_rules() is not designed to return error code,
> add __GFP_NOFAIL to make sure memory allocation succeeds.
Using __GFP_NOFAIL here would be safer.
>
> Found by Linux Verification Center (linuxtesting.org) with SVACE.
>
> Fixes: c7423dbdbc9e ("ima: Handle -ESTALE returned by ima_filter_rule_match()")
> Signed-off-by: Roman Danilov <romanosauce57 at gmail.com>
> Reviewed-by: Alexey Khoroshilov <khoroshilov at ispras.ru>
--
thanks,
Mimi