summaryrefslogtreecommitdiff
path: root/security
diff options
context:
space:
mode:
authorJames Morris <james.morris@microsoft.com>2019-01-16 15:41:11 -0800
committerJames Morris <james.morris@microsoft.com>2019-01-16 15:41:11 -0800
commita5795fd38ee8194451ba3f281f075301a3696ce2 (patch)
treee1081bd211b1ea0857073db96b05d65e896012ac /security
parent9474f4e7cd71a633fa1ef93b7daefd44bbdfd482 (diff)
downloadlwn-a5795fd38ee8194451ba3f281f075301a3696ce2.tar.gz
lwn-a5795fd38ee8194451ba3f281f075301a3696ce2.zip
LSM: Check for NULL cred-security on free
From: Casey Schaufler <casey@schaufler-ca.com> Check that the cred security blob has been set before trying to clean it up. There is a case during credential initialization that could result in this. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.morris@microsoft.com> Reported-by: syzbot+69ca07954461f189e808@syzkaller.appspotmail.com
Diffstat (limited to 'security')
-rw-r--r--security/security.c7
1 files changed, 7 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c
index f1b8d2587639..55bc49027ba9 100644
--- a/security/security.c
+++ b/security/security.c
@@ -1027,6 +1027,13 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
void security_cred_free(struct cred *cred)
{
+ /*
+ * There is a failure case in prepare_creds() that
+ * may result in a call here with ->security being NULL.
+ */
+ if (unlikely(cred->security == NULL))
+ return;
+
call_void_hook(cred_free, cred);
}