From: Wenwen Wang To: Wenwen Wang Cc: Paul Moore , Eric Paris , linux-audit@redhat.com (moderated list:AUDIT SUBSYSTEM), linux-kernel@vger.kernel.org (open list) Subject: [PATCH] audit: fix a memory leak bug Date: Thu, 18 Apr 2019 12:39:15 -0500 Message-Id: <1555609155-11934-1-git-send-email-wang6495@umn.edu> X-Mailer: git-send-email 2.7.4 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In audit_rule_change(), audit_data_to_entry() is firstly invoked to translate the payload data to the kernel's rule representation. In audit_data_to_entry(), depending on the audit field type, an audit tree may be created in audit_make_tree(), which eventually invokes kmalloc() to allocate the tree. Since this tree is a temporary tree, it will be then freed in the following execution, e.g., audit_add_rule() if the message type is AUDIT_ADD_RULE or audit_del_rule() if the message type is AUDIT_DEL_RULE. However, if the message type is neither AUDIT_ADD_RULE nor AUDIT_DEL_RULE, i.e., the default case of the switch statement, this temporary tree is not freed. To fix this issue, free the allocated tree in the default case. Signed-off-by: Wenwen Wang --- kernel/auditfilter.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 63f8b3f..70a34db 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1128,6 +1128,8 @@ int audit_rule_change(int type, int seq, void *data, size_t datasz) audit_log_rule_change("remove_rule", &entry->rule, !err); break; default: + if (entry->rule.tree) + audit_put_tree(entry->rule.tree); err = -EINVAL; WARN_ON(1); } -- 2.7.4
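Review bot: In the default branch, the added audit_put_tree() call releases an allocation that only exists because audit_data_to_entry() runs before type is validated. Since this branch already treats an unknown type as a caller bug (WARN_ON(1)), consider rejecting unknown types before the entry is built, or calling audit_data_to_entry() inside the AUDIT_ADD_RULE and AUDIT_DEL_RULE cases, so that nothing needs releasing here. If the put stays, please confirm that the code following the switch does not also drop entry->rule.tree when err is non-zero, since the visible context ends at the closing brace and a second put would turn the leak into a double release. The changelog should also say whether any caller can reach the default case, and whether the rest of entry (not only rule.tree) is released on this path.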