Commit "IMA: policy can now be updated multiple times" assumed that the
policy would be updated at least once.
If there are zero updates, the temporary list head object will get added
to the policy list, and later dereferenced as an IMA policy object, which
means that invalid memory will be accessed.
Signed-off-by: Sasha Levin <sasha.le...@oracle.com>
---
security/integrity/ima/ima_policy.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/security/integrity/ima/ima_policy.c
b/security/integrity/ima/ima_policy.c
index ba5d2fc..9b958b8 100644
--- a/security/integrity/ima/ima_policy.c
+++ b/security/integrity/ima/ima_policy.c
@@ -431,6 +431,9 @@ void ima_update_policy(void)
{
struct list_head *first, *last, *policy;
+ if (list_empty(&ima_temp_rules))
+ return;
+
/* append current policy with the new rules */
first = (&ima_temp_rules)->next;
last = (&ima_temp_rules)->prev;
--
1.7.10.4
--
To unsubscribe from this list: send the line "unsubscribe
linux-security-module" in
the body of a message to majord...@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
