| Message ID | 20220428033907.1658-1-xiongx18@fudan.edu.cn (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | apparmor: fix reference count leak in aa_pivotroot() | expand |
On 4/27/22 20:39, Xin Xiong wrote: > The aa_pivotroot() function has a reference counting bug in a specific > path. When aa_replace_current_label() returns on success, the function > forgets to decrement the reference count of “target”, which is > increased earlier by build_pivotroot(), causing a reference leak. > > Fix it by decreasing the refcount of “target” in that path. > > Fixes: 2ea3ffb7782a ("apparmor: add mount mediation") > Co-developed-by: Xiyu Yang <xiyuyang19@fudan.edu.cn> > Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn> > Co-developed-by: Xin Tan <tanxin.ctf@gmail.com> > Signed-off-by: Xin Tan <tanxin.ctf@gmail.com> > Signed-off-by: Xin Xiong <xiongx18@fudan.edu.cn> thanks I have pulled it into my tree Acked-by: John Johansen <john.johansen@canonical.com> > --- > security/apparmor/mount.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c > index aa6fcfde3051..d0b19ab9137d 100644 > --- a/security/apparmor/mount.c > +++ b/security/apparmor/mount.c > @@ -718,6 +718,7 @@ int aa_pivotroot(struct aa_label *label, const struct path *old_path, > aa_put_label(target); > goto out; > } > + aa_put_label(target); > } else > /* already audited error */ > error = PTR_ERR(target);
diff --git a/security/apparmor/mount.c b/security/apparmor/mount.c index aa6fcfde3051..d0b19ab9137d 100644 --- a/security/apparmor/mount.c +++ b/security/apparmor/mount.c @@ -718,6 +718,7 @@ int aa_pivotroot(struct aa_label *label, const struct path *old_path, aa_put_label(target); goto out; } + aa_put_label(target); } else /* already audited error */ error = PTR_ERR(target);
The aa_pivotroot() function has a reference counting bug in a specific path. When aa_replace_current_label() returns on success, the function forgets to decrement the reference count of “target”, which is increased earlier by build_pivotroot(), causing a reference leak. Fix it by decreasing the refcount of “target” in that path. Fixes: 2ea3ffb7782a ("apparmor: add mount mediation") Co-developed-by: Xiyu Yang <xiyuyang19@fudan.edu.cn> Signed-off-by: Xiyu Yang <xiyuyang19@fudan.edu.cn> Co-developed-by: Xin Tan <tanxin.ctf@gmail.com> Signed-off-by: Xin Tan <tanxin.ctf@gmail.com> Signed-off-by: Xin Xiong <xiongx18@fudan.edu.cn> --- security/apparmor/mount.c | 1 + 1 file changed, 1 insertion(+)