| From b305f7ed0f4f494ad6f3ef5667501535d5a8fa31 Mon Sep 17 00:00:00 2001 |
| From: Yi Wang <wang.yi59@zte.com.cn> |
| Date: Wed, 25 Jul 2018 10:26:19 +0800 |
| Subject: audit: fix potential null dereference 'context->module.name' |
| |
| From: Yi Wang <wang.yi59@zte.com.cn> |
| |
| commit b305f7ed0f4f494ad6f3ef5667501535d5a8fa31 upstream. |
| |
| The variable 'context->module.name' may be a null pointer when |
| kmalloc returns null, so it's better to check it before use |
| to avoid a null dereference. |
| This patch also uses kstrdup instead |
| of (kmalloc + strcpy), and signals a lost record via audit_log_lost. |
| |
| Cc: stable@vger.kernel.org # 4.11 |
| Signed-off-by: Yi Wang <wang.yi59@zte.com.cn> |
| Reviewed-by: Jiang Biao <jiang.biao2@zte.com.cn> |
| Reviewed-by: Richard Guy Briggs <rgb@redhat.com> |
| Signed-off-by: Paul Moore <paul@paul-moore.com> |
| Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> |
| |
| --- |
| kernel/auditsc.c | 13 +++++++++---- |
| 1 file changed, 9 insertions(+), 4 deletions(-) |
| |
| --- a/kernel/auditsc.c |
| +++ b/kernel/auditsc.c |
| @@ -1274,8 +1274,12 @@ static void show_special(struct audit_co |
| break; |
| case AUDIT_KERN_MODULE: |
| audit_log_format(ab, "name="); |
| - audit_log_untrustedstring(ab, context->module.name); |
| - kfree(context->module.name); |
| + if (context->module.name) { |
| + audit_log_untrustedstring(ab, context->module.name); |
| + kfree(context->module.name); |
| + } else |
| + audit_log_format(ab, "(null)"); |
| + |
| break; |
| } |
| audit_log_end(ab); |
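Review bot: After `kfree(context->module.name)` in the AUDIT_KERN_MODULE case the pointer is left dangling in the audit context, so a later pass through this case for the same context would log and free already-freed memory. Whether that is reachable depends on how `context->type` and the module fields are reset, which is not visible in the hunk, but clearing the pointer is cheap: add `context->module.name = NULL;` right after the `kfree()`. As a style point, kernel coding style wants braces on both branches once one branch has them (`} else {` ... `}`), and the blank line added before `break;` can go. show_special() starts before the hunk and continues past it.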
| @@ -2387,8 +2391,9 @@ void __audit_log_kern_module(char *name) |
| { |
| struct audit_context *context = current->audit_context; |
| |
| - context->module.name = kmalloc(strlen(name) + 1, GFP_KERNEL); |
| - strcpy(context->module.name, name); |
| + context->module.name = kstrdup(name, GFP_KERNEL); |
| + if (!context->module.name) |
| + audit_log_lost("out of memory in __audit_log_kern_module"); |
| context->type = AUDIT_KERN_MODULE; |
| } |
| |
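Review bot: The allocation-failure path in `__audit_log_kern_module()` still sets `context->type = AUDIT_KERN_MODULE` with `module.name` left NULL, and nothing here says that this is intentional or who owns the copy. A short comment above the `kstrdup()` call would document the contract, e.g. `/* copy is freed in show_special(); on failure name stays NULL and is logged as (null) */`. Since `kstrdup()` does not modify its source, the parameter could also become `const char *name`, though that needs the matching prototype change outside this hunk.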