[10/27] ima: free duplicate measurement memory
From: Greg KH
Date: Mon Jan 23 2012 - 18:46:00 EST
2.6.32-longterm review patch. If anyone has any objections, please let me know.
------------------
From: Roberto Sassu <roberto.sassu@xxxxxxxxx>
commit 45fae7493970d7c45626ccd96d4a74f5f1eea5a9 upstream.
Info about new measurements are cached in the iint for performance. When
the inode is flushed from cache, the associated iint is flushed as well.
Subsequent access to the inode will cause the inode to be re-measured and
will attempt to add a duplicate entry to the measurement list.
This patch frees the duplicate measurement memory, fixing a memory leak.
Signed-off-by: Roberto Sassu <roberto.sassu@xxxxxxxxx>
Signed-off-by: Mimi Zohar <zohar@xxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxx>
---
security/integrity/ima/ima_api.c | 4 ++--
security/integrity/ima/ima_queue.c | 1 +
2 files changed, 3 insertions(+), 2 deletions(-)
--- a/security/integrity/ima/ima_api.c
+++ b/security/integrity/ima/ima_api.c
@@ -183,8 +183,8 @@ void ima_store_measurement(struct ima_ii
strncpy(entry->template.file_name, filename, IMA_EVENT_NAME_LEN_MAX);
result = ima_store_template(entry, violation, inode);
- if (!result)
+ if (!result || result == -EEXIST)
iint->flags |= IMA_MEASURED;
- else
+ if (result < 0)
kfree(entry);
}
--- a/security/integrity/ima/ima_queue.c
+++ b/security/integrity/ima/ima_queue.c
@@ -113,6 +113,7 @@ int ima_add_template_entry(struct ima_te
memcpy(digest, entry->digest, sizeof digest);
if (ima_lookup_digest_entry(digest)) {
audit_cause = "hash_exists";
+ result = -EEXIST;
goto out;
}
}
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/