Received: by 2002:a05:6358:5282:b0:b5:90e7:25cb with SMTP id g2csp2999617rwa;
        Mon, 22 Aug 2022 18:51:59 -0700 (PDT)
X-Google-Smtp-Source: AA6agR6YmCJs8A1JasEJZAZOdjVxJXLUCuz4UWThvvWGldS4iWnsXTKqYIS5p77oTmgBXAQ2pVju
X-Received: by 2002:a17:907:e89:b0:730:af06:6ed1 with SMTP id ho9-20020a1709070e8900b00730af066ed1mr14917958ejc.276.1661219519501;
        Mon, 22 Aug 2022 18:51:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; t=1661219519; cv=none;
        d=google.com; s=arc-20160816;
        b=vhBeGQrLSRB3/VvPLML/GCxD5GY3btaW8w8N3IFWL71Q0rP7SklZ6kkUMJk6CVXYGB
         J/gi7FhdnllaLTwshtj1JSK1UZ76xCZbyvjoAk9Bwsx0UadSlyfDiQrlLe07UjMYiTXm
         EWW3lNc7jHYolhy0s/ob4TmQmUqaWd3oswu+eQFlFgycKzoCkrXTGXMXzxok6LyTTtdC
         Gq0IDz/LLC1LR8kyDDMKjR96m1sbOK7p9BX1+UafAX4ig9dlq/sLcvwLC8OnjpyC9Dri
         onJLzDMZSkOn5r0zZKxgEqc8AIunloRj75e2cQ6UBYYNPFWZEzJD4jbfwASmfc8Ln+a2
         bT1A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816;
        h=list-id:precedence:content-transfer-encoding:mime-version
         :message-id:date:subject:cc:to:from;
        bh=J4xHElaQCZEztTh2r65ftQ/piIk4eS5BYLFIhQ8zihU=;
        b=EgeYEwUbn/e3MdITih0U5uXr/V5hR9hTIpqOGL5EnjOyDA8srue6X7ps56PMKnnp++
         NYkGkxLHgLaVqzWwk3eLdAnBJWBw078oY9Rdaqh7ZdPug7gq2fjQuyOViUz8PxQa/4NF
         e6/mJatyMOAHz15yOpOJbP86EUYdsxE3L7GKP1bWHAoW1yrY9tmiFUeJ5uO/E0rAuxyY
         +3re7PrD0c/uijQfaiwignrKnIB4KHSyHJLvVfvOU+eDOgLI6mqcuWThCWxzbgovx1pt
         aU3E09uFkZjSmiauhaCvcm9+AbAtTMYeaPa/rFieO4jm5X2PBbE8Ke8a/v0BGu+c3Z+Y
         k0aw==
ARC-Authentication-Results: i=1; mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Return-Path: <linux-kernel-owner@vger.kernel.org>
Received: from out1.vger.email (out1.vger.email. [2620:137:e000::1:20])
        by mx.google.com with ESMTP id k3-20020a170906578300b0072f1d8e7300si9220567ejq.430.2022.08.22.18.51.33;
        Mon, 22 Aug 2022 18:51:59 -0700 (PDT)
Received-SPF: pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) client-ip=2620:137:e000::1:20;
Authentication-Results: mx.google.com;
       spf=pass (google.com: domain of linux-kernel-owner@vger.kernel.org designates 2620:137:e000::1:20 as permitted sender) smtp.mailfrom=linux-kernel-owner@vger.kernel.org;
       dmarc=fail (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=huawei.com
Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand
        id S238853AbiHWBPJ (ORCPT <rfc822;andreqb@gmail.com> + 99 others);
        Mon, 22 Aug 2022 21:15:09 -0400
Received: from lindbergh.monkeyblade.net ([23.128.96.19]:45454 "EHLO
        lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org
        with ESMTP id S237907AbiHWBPH (ORCPT
        <rfc822;linux-kernel@vger.kernel.org>);
        Mon, 22 Aug 2022 21:15:07 -0400
Received: from szxga02-in.huawei.com (szxga02-in.huawei.com [45.249.212.188])
        by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 685CE54C9F;
        Mon, 22 Aug 2022 18:15:05 -0700 (PDT)
Received: from kwepemi500012.china.huawei.com (unknown [172.30.72.55])
        by szxga02-in.huawei.com (SkyGuard) with ESMTP id 4MBWPg2MPNzXdtL;
        Tue, 23 Aug 2022 09:10:47 +0800 (CST)
Received: from dggphis33418.huawei.com (10.244.148.83) by
 kwepemi500012.china.huawei.com (7.221.188.12) with Microsoft SMTP Server
 (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id
 15.1.2375.24; Tue, 23 Aug 2022 09:15:03 +0800
From:   Gaosheng Cui <cuigaosheng1@huawei.com>
To:     <john.johansen@canonical.com>, <paul@paul-moore.com>,
        <jmorris@namei.org>, <serge@hallyn.com>, <cuigaosheng1@huawei.com>
CC:     <apparmor@lists.ubuntu.com>,
        <linux-security-module@vger.kernel.org>,
        <linux-kernel@vger.kernel.org>
Subject: [PATCH] apparmor: fix a memleak in multi_transaction_new()
Date:   Tue, 23 Aug 2022 09:15:03 +0800
Message-ID: <20220823011503.2757088-1-cuigaosheng1@huawei.com>
X-Mailer: git-send-email 2.25.1
MIME-Version: 1.0
Content-Transfer-Encoding: 7BIT
Content-Type:   text/plain; charset=US-ASCII
X-Originating-IP: [10.244.148.83]
X-ClientProxiedBy: dggems703-chm.china.huawei.com (10.3.19.180) To
 kwepemi500012.china.huawei.com (7.221.188.12)
X-CFilter-Loop: Reflected
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,RCVD_IN_DNSWL_MED,
        SPF_HELO_NONE,SPF_PASS,T_SCC_BODY_TEXT_LINE autolearn=ham
        autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on
        lindbergh.monkeyblade.net
Precedence: bulk
List-ID: <linux-kernel.vger.kernel.org>
X-Mailing-List: linux-kernel@vger.kernel.org

In multi_transaction_new(), the variable t is not freed or passed out
on the failure of copy_from_user(t->data, buf, size), which could lead
to a memleak.

Fix this bug by adding a put_multi_transaction(t) in the error path.

Fixes: 1dea3b41e84c5 ("apparmor: speed up transactional queries")
Signed-off-by: Gaosheng Cui <cuigaosheng1@huawei.com>
---
 security/apparmor/apparmorfs.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index d066ccc219e2..7160e7aa58b9 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -868,8 +868,10 @@ static struct multi_transaction *multi_transaction_new(struct file *file,
 	if (!t)
 		return ERR_PTR(-ENOMEM);
 	kref_init(&t->count);
-	if (copy_from_user(t->data, buf, size))
+	if (copy_from_user(t->data, buf, size)) {
+		put_multi_transaction(t);
 		return ERR_PTR(-EFAULT);
+	}
 
 	return t;
 }
-- 
2.25.1