linux/security/apparmor
Navid Emamdoost c54d481d71 apparmor: Fix use-after-free in aa_audit_rule_init
In the implementation of aa_audit_rule_init(), when aa_label_parse()
fails the allocated memory for rule is released using
aa_audit_rule_free(). But after this release, the return statement
tries to access the label field of the rule which results in
use-after-free. Before releasing the rule, copy errNo and return it
after release.

Fixes: 52e8c38001 ("apparmor: Fix memory leak of rule on error exit path")
Signed-off-by: Navid Emamdoost <navid.emamdoost@gmail.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
2020-05-21 15:25:51 -07:00
..
include + Features 2019-12-03 12:51:35 -08:00
.gitignore .gitignore: add SPDX License Identifier 2020-03-25 11:50:48 +01:00
apparmorfs.c apparmor: Fix aa_label refcnt leak in policy_update 2020-05-21 15:25:51 -07:00
audit.c apparmor: Fix use-after-free in aa_audit_rule_init 2020-05-21 15:25:51 -07:00
capability.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
crypto.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
domain.c apparmor: fix potential label refcnt leak in aa_change_profile 2020-05-21 15:25:51 -07:00
file.c apparmor: only get a label reference if the fast path check fails 2020-01-02 05:31:40 -08:00
ipc.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
Kconfig kunit: building kunit as a module breaks allmodconfig 2020-01-10 14:36:37 -07:00
label.c + Features 2019-12-03 12:51:35 -08:00
lib.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
lsm.c + Features 2019-12-03 12:51:35 -08:00
Makefile apparmor: add base infastructure for socket mediation 2018-03-13 17:25:48 -07:00
match.c + Features 2019-12-03 12:51:35 -08:00
mount.c apparmor: fix bind mounts aborting with -ENOMEM 2020-01-02 05:31:40 -08:00
net.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
nulldfa.in apparmor: cleanup add proper line wrapping to nulldfa.in 2018-02-09 11:30:01 -08:00
path.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
policy_ns.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
policy_unpack_test.c apparmor: add AppArmor KUnit tests for policy unpack 2020-01-09 16:27:43 -07:00
policy_unpack.c apparmor: add AppArmor KUnit tests for policy unpack 2020-01-09 16:27:43 -07:00
policy.c apparmor: fix aa_xattrs_match() may sleep while holding a RCU lock 2020-01-04 15:56:44 -08:00
procattr.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
resource.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
secid.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00
stacksplitdfa.in apparmor: use the dfa to do label parse string splitting 2018-02-09 11:30:01 -08:00
task.c treewide: Replace GPLv2 boilerplate/reference with SPDX - rule 441 2019-06-05 17:37:17 +02:00