Merge tag 'audit-pr-20180731' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoor...
authorLinus Torvalds <torvalds@linux-foundation.org>
Tue, 31 Jul 2018 20:17:46 +0000 (13:17 -0700)
committerLinus Torvalds <torvalds@linux-foundation.org>
Tue, 31 Jul 2018 20:17:46 +0000 (13:17 -0700)
Pull audit fix from Paul Moore:
 "A single small audit fix to guard against memory allocation failures
  when logging information about a kernel module load.

  It's small, easy to understand, and self-contained; while nothing is
  zero risk, this should be pretty low"

* tag 'audit-pr-20180731' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit:
  audit: fix potential null dereference 'context->module.name'

kernel/auditsc.c

index ceb1c4596c511e9a291d27a1fe710eefde439284..80d672a1108883be0553212757c13912cabe5bec 100644 (file)
@@ -1279,8 +1279,12 @@ static void show_special(struct audit_context *context, int *call_panic)
                break;
        case AUDIT_KERN_MODULE:
                audit_log_format(ab, "name=");
-               audit_log_untrustedstring(ab, context->module.name);
-               kfree(context->module.name);
+               if (context->module.name) {
+                       audit_log_untrustedstring(ab, context->module.name);
+                       kfree(context->module.name);
+               } else
+                       audit_log_format(ab, "(null)");
+
                break;
        }
        audit_log_end(ab);
@@ -2411,8 +2415,9 @@ void __audit_log_kern_module(char *name)
 {
        struct audit_context *context = audit_context();
 
-       context->module.name = kmalloc(strlen(name) + 1, GFP_KERNEL);
-       strcpy(context->module.name, name);
+       context->module.name = kstrdup(name, GFP_KERNEL);
+       if (!context->module.name)
+               audit_log_lost("out of memory in __audit_log_kern_module");
        context->type = AUDIT_KERN_MODULE;
 }