From: GUO Zihua guozihua@huawei.com
Offering: HULK hulk inclusion category: bugfix bugzilla: https://gitee.com/openeuler/kernel/issues/I6P3K4 CVE: NA
--------------------------------
There is a memory leakage in ima_store_template when ima_add_template_entry returns a non-zero value and duplicated_entry was successfully generated. Fix it by freeing duplicated_entry in that case.
Fixes: 31604143977f ("ima: Add support for measurement with digest lists") Signed-off-by: GUO Zihua guozihua@huawei.com Reviewed-by: yiyang yiyang13@huawei.com Reviewed-by: Cai Xinchen caixinchen1@huawei.com Reviewed-by: Wang Weiyang wangweiyang2@huawei.com Reviewed-by: Xiu Jianfeng xiujianfeng@huawei.com Signed-off-by: Jialin Zhang zhangjialin11@huawei.com --- security/integrity/ima/ima_api.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/security/integrity/ima/ima_api.c b/security/integrity/ima/ima_api.c index d9f4599dee40..6ecaf6834844 100644 --- a/security/integrity/ima/ima_api.c +++ b/security/integrity/ima/ima_api.c @@ -133,7 +133,9 @@ int ima_store_template(struct ima_template_entry *entry,
entry->pcr = pcr; result = ima_add_template_entry(entry, violation, op, inode, filename); - if (!result && duplicated_entry) { + if (result) { + kfree(duplicated_entry); + } else if (duplicated_entry) { result = ima_add_template_entry(duplicated_entry, violation, op, inode, filename); if (result < 0)