IMA: policy can be updated zero times

Commit "IMA: policy can now be updated multiple times" assumed that the policy would be updated at least once. If there are zero updates, the temporary list head object will get added to the policy list, and later dereferenced as an IMA policy object, which means that invalid memory will be accessed. Changelog: - Move list_empty() test to ima_release_policy(), before audit msg - Mimi Signed-off-by: Sasha Levin <sasha.levin@oracle.com> Signed-off-by: Mimi Zohar <zohar@linux.vnet.ibm.com>
author: Sasha Levin <sasha.levin@oracle.com> 2015-12-22 13:51:23 (GMT)
committer: Mimi Zohar <zohar@linux.vnet.ibm.com> 2015-12-24 23:56:45 (GMT)
commit: 0112721df4edbdd07b800813300d76811572f080 (patch)
tree: 9ad07cfcfdd6aedb1c0764187b95646d05b83b1a /security/integrity/ima/ima_fs.c
parent: 92cc916638a48f285736cd5541536e2e1b73ecf8 (diff)
download: linux-0112721df4edbdd07b800813300d76811572f080.tar.xz
1 files changed, 5 insertions, 0 deletions
diff --git a/security/integrity/ima/ima_fs.c b/security/integrity/ima/ima_fs.c
index eebb985..3caed6d 100644
--- a/security/integrity/ima/ima_fs.c
+++ b/security/integrity/ima/ima_fs.c
@@ -355,6 +355,11 @@ static int ima_release_policy(struct inode *inode, struct file *file)
 	if ((file->f_flags & O_ACCMODE) == O_RDONLY)
 		return 0;
 
+	if (valid_policy && ima_check_policy() < 0) {
+		cause = "failed";
+		valid_policy = 0;
+	}
+
 	pr_info("IMA: policy update %s\n", cause);
 	integrity_audit_msg(AUDIT_INTEGRITY_STATUS, NULL, NULL,
 			    "policy_update", cause, !valid_policy, 0);
author	Sasha Levin <sasha.levin@oracle.com>	2015-12-22 13:51:23 (GMT)
committer	Mimi Zohar <zohar@linux.vnet.ibm.com>	2015-12-24 23:56:45 (GMT)
commit	0112721df4edbdd07b800813300d76811572f080 (patch)
tree	9ad07cfcfdd6aedb1c0764187b95646d05b83b1a /security/integrity/ima/ima_fs.c
parent	92cc916638a48f285736cd5541536e2e1b73ecf8 (diff)
download	linux-0112721df4edbdd07b800813300d76811572f080.tar.xz