android/android_kernel_xiaomi_sm8450
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9d883b3f00
android_kernel_xiaomi_sm8450/security
History
Xiu Jianfeng 9d883b3f00 Revert "evm: Fix memleak in init_desc" 
commit 51dd64bb99e4478fc5280171acd8e1b529eadaf7 upstream.

This reverts commit ccf11dbaa07b328fa469415c362d33459c140a37.

Commit ccf11dbaa07b ("evm: Fix memleak in init_desc") said there is
memleak in init_desc. That may be incorrect, as we can see, tmp_tfm is
saved in one of the two global variables hmac_tfm or evm_tfm[hash_algo],
then if init_desc is called next time, there is no need to alloc tfm
again, so in the error path of kmalloc desc or crypto_shash_init(desc),
It is not a problem without freeing tmp_tfm.

And also that commit did not reset the global variable to NULL after
freeing tmp_tfm and this makes *tfm a dangling pointer which may cause a
UAF issue.

Reported-by: Guozihua (Scott) <guozihua@huawei.com>
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-07-21 21:20:02 +02:00
..
apparmor apparmor: fix error check 2021-11-18 14:04:22 +01:00
bpf bpf: Implement bpf_local_storage for inodes 2020-08-25 15:00:04 -07:00
integrity Revert "evm: Fix memleak in init_desc" 2022-07-21 21:20:02 +02:00
keys KEYS: fix length validation in keyctl_pkey_params_get_2() 2022-04-08 14:39:50 +02:00
loadpin LSM: Add "contents" flag to kernel_read_file hook 2020-10-05 13:37:03 +02:00
lockdown Merge branch 'next-general' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2020-06-02 17:36:24 -07:00
safesetid LSM: SafeSetID: Fix warnings reported by test bot 2020-10-13 09:17:36 -07:00
selinux lsm,selinux: pass flowi_common instead of flowi to the LSM hooks 2022-06-09 10:21:09 +02:00
smack Fix incorrect type in assignment of ipv6 port for audit 2022-04-08 14:40:31 +02:00
tomoyo TOMOYO: fix __setup handlers return values 2022-04-08 14:40:18 +02:00
yama task_work: cleanup notification modes 2020-10-17 15:05:30 -06:00
commoncap.c security: commoncap: fix -Wstringop-overread warning 2021-05-11 14:47:36 +02:00
device_cgroup.c device_cgroup: Fix RCU list debugging warning 2020-08-20 11:25:03 -07:00
inode.c Merge branch 'work.mount0' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2019-07-19 10:42:02 -07:00
Kconfig fortify: Explicitly disable Clang support 2021-11-21 13:46:35 +01:00
Kconfig.hardening security: allow using Clang's zero initialization for stack variables 2020-06-16 02:06:23 -07:00
lsm_audit.c dump_common_audit_data(): fix racy accesses to ->d_name 2021-01-19 18:27:29 +01:00
Makefile device_cgroup: Cleanup cgroup eBPF device filter code 2020-04-13 14:41:54 -04:00
min_addr.c sysctl: pass kernel pointers to ->proc_handler 2020-04-27 02:07:40 -04:00
security.c lsm,selinux: pass flowi_common instead of flowi to the LSM hooks 2022-06-09 10:21:09 +02:00