ima: Directly free *entry in ima_alloc_init_template() if digests is …

…NULL To support multiple template digests, the static array entry->digest has been replaced with a dynamically allocated array in commit aa724fe ("ima: Switch to dynamically allocated buffer for template digests"). The array is allocated in ima_alloc_init_template() and if the returned pointer is NULL, ima_free_template_entry() is called. However, (*entry)->template_desc is not yet initialized while it is used by ima_free_template_entry(). This patch fixes the issue by directly freeing *entry without calling ima_free_template_entry(). Fixes: aa724fe ("ima: Switch to dynamically allocated buffer for template digests") Reported-by: [email protected] Signed-off-by: Roberto Sassu <[email protected]> Signed-off-by: Mimi Zohar <[email protected]>
kawasaki · Jun 5, 2020 · 42413b4 · 42413b4
1 parent 6cc7c26
commit 42413b4
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c
@@ -55,8 +55,9 @@ int ima_alloc_init_template(struct ima_event_data *event_data,
 	digests = kcalloc(NR_BANKS(ima_tpm_chip) + ima_extra_slots,
 			  sizeof(*digests), GFP_NOFS);
 	if (!digests) {
-		result = -ENOMEM;
-		goto out;
+		kfree(*entry);
+		*entry = NULL;
+		return -ENOMEM;
 	}
 
 	(*entry)->digests = digests;