Received: by 2002:a25:4158:0:0:0:0:0 with SMTP id o85csp2084972yba; Fri, 19 Apr 2019 11:50:16 -0700 (PDT) X-Google-Smtp-Source: APXvYqzVNzoog4Xzju5fcJuMglxvq87W48K+EhFg+VOJxbzbHhetnYwYt3vbqcnbf4Se8YW1kf+d X-Received: by 2002:a17:902:302:: with SMTP id 2mr5442885pld.232.1555699816101; Fri, 19 Apr 2019 11:50:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1555699816; cv=none; d=google.com; s=arc-20160816; b=CkCmiBhZVrC5c/fr2h0GashF2ZpNVy202PZ+JEy0cVS7Ln0F8aD+lbCEJqtpI8dz2h 9NhVtuR7jiHZf/bWuOC5zN7T8ogBvJ5qZWfHcPRy8HwlFzVDYoNhItMZY27+9lXcpbjn CGn16xBDwMoi76zfjsuDe1sGFrx8f7wkE2LsgEjav2pTBvdq+Z4B+ACVxMOwnAPK+tU3 NsajdL/0YA90J35n/+hTBZ53L0vNieP40LW4QLQUIYY+cyQ3mxH8l4fwYq3OVSQ+CJ7Q jc1y+LUAZGOy9xvBPN72sUBlfPhEpzfTEEQrwPTmoLrA1WpqfnJZ7VHCGu8nFx/QMJF+ RC5w== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=list-id:precedence:sender:message-id:date:subject:cc:to:from :dkim-signature; bh=heZMTrXK8yMYnPBX0J6luSX1OYpenKN39rpGD2b6xog=; b=awvtz8KQOHm0F1T3+FrOaizJ0v20EtW3SkGTDvWWxKynJrOsJdsvjNIH9uTB9sLBqe 839Xz+oaVPxULMMQ7THrRSi5U5Z1M/9YFXp+gZgnQ9u8JH9UkUuAfMaML33bVw3MU/O0 R0Rci4aIFdBreyMwxvifFRNhrMzV59B9uYC2Sh5yHI3eDP2FTiBTrggOx4kAj0KcAE7y Vlf2FVX8IkbkqUCOkzuhvOe45BQQJnqciyBY4jAqeCAqODjuqcDPXl2JoTt4EoBTemX0 Y6gBwwQTQn6gYCj2RSRxT6lxxn00jfXsSLrVD20SazDXAobq6ayK9K3z3SJGut2hs9ts /RhQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@umn.edu header.s=google header.b=mcYybduG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=umn.edu Return-Path: Received: from vger.kernel.org (vger.kernel.org. [209.132.180.67]) by mx.google.com with ESMTP id cs8si6009366plb.393.2019.04.19.11.50.01; Fri, 19 Apr 2019 11:50:16 -0700 (PDT) Received-SPF: pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) client-ip=209.132.180.67; Authentication-Results: mx.google.com; dkim=pass header.i=@umn.edu header.s=google header.b=mcYybduG; spf=pass (google.com: best guess record for domain of linux-kernel-owner@vger.kernel.org designates 209.132.180.67 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=umn.edu Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1727467AbfDSStG (ORCPT + 99 others); Fri, 19 Apr 2019 14:49:06 -0400 Received: from mta-p8.oit.umn.edu ([134.84.196.208]:49760 "EHLO mta-p8.oit.umn.edu" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1726587AbfDSStG (ORCPT ); Fri, 19 Apr 2019 14:49:06 -0400 Received: from localhost (unknown [127.0.0.1]) by mta-p8.oit.umn.edu (Postfix) with ESMTP id 9BC5374E for ; Fri, 19 Apr 2019 15:10:00 +0000 (UTC) X-Virus-Scanned: amavisd-new at umn.edu Received: from mta-p8.oit.umn.edu ([127.0.0.1]) by localhost (mta-p8.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Ed2hw2GhHst7 for ; Fri, 19 Apr 2019 10:10:00 -0500 (CDT) Received: from mail-it1-f198.google.com (mail-it1-f198.google.com [209.85.166.198]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mta-p8.oit.umn.edu (Postfix) with ESMTPS id 71890F2D for ; Fri, 19 Apr 2019 10:10:00 -0500 (CDT) Received: by mail-it1-f198.google.com with SMTP id v11so7146858itb.1 for ; Fri, 19 Apr 2019 08:10:00 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umn.edu; s=google; h=from:to:cc:subject:date:message-id; bh=heZMTrXK8yMYnPBX0J6luSX1OYpenKN39rpGD2b6xog=; b=mcYybduGKD6t/GHU9UpwjNHuaq/J5MOlHl1AnHkI7xBe7TZcTqXdOEPRIdG08W6qQA IzTSRjBelu/r0fciczxjS9SKd3O4l1SqTA/30M+aEVCCZb4OE/Fd1HMJuWg1+AgInU2k yI1MLyB9ixa6SFIQ/xCcvUriPpIx+EjB0pNyA331wUGkukXpb6At7zdEUfPfd8dXBg3p LJVbZ9Hvmz0PgyLjzDpciy3rX6md/KkREEttSMNpQb+Bdy2ivUDUhrIDXFSlQOo6O4hP 4VzPQ6z0FznT9fXDv80pcAWZ+CFjkrj4lBovI3i2isuwo4t9W5PNTWzCk5n3dMAEmpvW SEwg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=heZMTrXK8yMYnPBX0J6luSX1OYpenKN39rpGD2b6xog=; b=enWsIpJ9AAGocye+csHemHWw74jhtz2BRqUg7YsTHW9ntX5+foVq6sDBnXKaRr30f1 9PEfjBGs5XVyIz+t9tfv9sVUi9yvm8x3VBueUz+JE7gx7z0D4Pp3oE6d1iHz58eba1sZ 44SAP5hMr4zFWdWgURAiBIxzfqQ4rkvRXpjAIDa70FTTPAE+fIoBgygvVEnKSWKpDvmg GjkFFTeb5fX33OXgh2H4GaRuY6xMmlRk9rwoW0R/bpwb+qjwCxNZc2S8qDvBYMZcFloy VXsTEyF5QbqfCP3wItBC5+cQ/X0Yk459hQwHQubZ9kVS1qR5FP/Arm4r14tQg9hKoLZ8 bEZg== X-Gm-Message-State: APjAAAXaUM08ZU6EqW04D42R/ztJdSFrKFQI/v5gQka9cJxxF0bbhi+5 kQ14iR9YZuBdH0dzKrBJ0d2VRe7cWKc6WIwXpet2hMWdxC4727mC/tXqPo4uH0G8n54yes0zIq+ zWEIVR2o4KYxSZr9JV4ueQW6ZCtcs X-Received: by 2002:a02:6209:: with SMTP id d9mr3090688jac.34.1555686600034; Fri, 19 Apr 2019 08:10:00 -0700 (PDT) X-Received: by 2002:a02:6209:: with SMTP id d9mr3090671jac.34.1555686599829; Fri, 19 Apr 2019 08:09:59 -0700 (PDT) Received: from cs-u-cslp16.dtc.umn.edu (cs-u-cslp16.cs.umn.edu. [128.101.106.40]) by smtp.gmail.com with ESMTPSA id k203sm1557638itb.0.2019.04.19.08.09.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Fri, 19 Apr 2019 08:09:59 -0700 (PDT) From: Wenwen Wang To: Wenwen Wang Cc: Paul Moore , Eric Paris , linux-audit@redhat.com (moderated list:AUDIT SUBSYSTEM), linux-kernel@vger.kernel.org (open list) Subject: [PATCH v2] audit: fix a memory leak bug Date: Fri, 19 Apr 2019 10:09:47 -0500 Message-Id: <1555686587-13866-1-git-send-email-wang6495@umn.edu> X-Mailer: git-send-email 2.7.4 Sender: linux-kernel-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kernel@vger.kernel.org In audit_rule_change(), audit_data_to_entry() is firstly invoked to translate the payload data to the kernel's rule representation. In audit_data_to_entry(), depending on the audit field type, an audit tree may be created in audit_make_tree(), which eventually invokes kmalloc() to allocate the tree. Since this tree is a temporary tree, it will be then freed in the following execution, e.g., audit_add_rule() if the message type is AUDIT_ADD_RULE or audit_del_rule() if the message type is AUDIT_DEL_RULE. However, if the message type is neither AUDIT_ADD_RULE nor AUDIT_DEL_RULE, i.e., the default case of the switch statement, this temporary tree is not freed. To fix this issue, only allocate the tree when the type is AUDIT_ADD_RULE or AUDIT_DEL_RULE. Signed-off-by: Wenwen Wang --- kernel/auditfilter.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c index 63f8b3f..923b858 100644 --- a/kernel/auditfilter.c +++ b/kernel/auditfilter.c @@ -1114,22 +1114,28 @@ int audit_rule_change(int type, int seq, void *data, size_t datasz) int err = 0; struct audit_entry *entry; - entry = audit_data_to_entry(data, datasz); - if (IS_ERR(entry)) - return PTR_ERR(entry); - switch (type) { case AUDIT_ADD_RULE: + entry = audit_data_to_entry(data, datasz); + if (IS_ERR(entry)) + return PTR_ERR(entry); + err = audit_add_rule(entry); audit_log_rule_change("add_rule", &entry->rule, !err); break; + case AUDIT_DEL_RULE: + entry = audit_data_to_entry(data, datasz); + if (IS_ERR(entry)) + return PTR_ERR(entry); + err = audit_del_rule(entry); audit_log_rule_change("remove_rule", &entry->rule, !err); break; + default: - err = -EINVAL; WARN_ON(1); + return -EINVAL; } if (err || type == AUDIT_DEL_RULE) { -- 2.7.4