| Message ID | 20221111101317.5468-1-guozihua@huawei.com (mailing list archive) |
|---|---|
| State | Handled Elsewhere |
| Headers | show |
| Series | [v2] integrity: Fix memory leakage in keyring allocation error path | expand |
On Fri, 2022-11-11 at 18:13 +0800, GUO Zihua wrote: > Key restriction is alloced in integrity_init_keyring(). However, if > keyring allocation failed, it is not freed, causing memory leaks. > > Fixes: 2b6aa412ff23 ("KEYS: Use structure to capture key restriction function and data") > Signed-off-by: GUO Zihua <guozihua@huawei.com> Thanks, applied. Mimi
diff --git a/security/integrity/digsig.c b/security/integrity/digsig.c index 8a82a6c7f48a..f2193c531f4a 100644 --- a/security/integrity/digsig.c +++ b/security/integrity/digsig.c @@ -126,6 +126,7 @@ int __init integrity_init_keyring(const unsigned int id) { struct key_restriction *restriction; key_perm_t perm; + int ret; perm = (KEY_POS_ALL & ~KEY_POS_SETATTR) | KEY_USR_VIEW | KEY_USR_READ | KEY_USR_SEARCH; @@ -154,7 +155,10 @@ int __init integrity_init_keyring(const unsigned int id) perm |= KEY_USR_WRITE; out: - return __integrity_init_keyring(id, perm, restriction); + ret = __integrity_init_keyring(id, perm, restriction); + if (ret) + kfree(restriction); + return ret; } static int __init integrity_add_key(const unsigned int id, const void *data,
Key restriction is alloced in integrity_init_keyring(). However, if keyring allocation failed, it is not freed, causing memory leaks. Fixes: 2b6aa412ff23 ("KEYS: Use structure to capture key restriction function and data") Signed-off-by: GUO Zihua <guozihua@huawei.com> --- v2: Added Fixes tag. Changed subject. V1 patch is here: https://patchwork.kernel.org/project/linux-integrity/patch/20221109094618.64265-1-guozihua@huawei.com/ --- security/integrity/digsig.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-)