diff options
Diffstat (limited to 'security/integrity/ima')
-rw-r--r-- | security/integrity/ima/ima_crypto.c | 6 | ||||
-rw-r--r-- | security/integrity/ima/ima_main.c | 10 |
2 files changed, 13 insertions, 3 deletions
diff --git a/security/integrity/ima/ima_crypto.c b/security/integrity/ima/ima_crypto.c index 63003a63aaee..46642a19bc78 100644 --- a/security/integrity/ima/ima_crypto.c +++ b/security/integrity/ima/ima_crypto.c @@ -45,9 +45,9 @@ int ima_calc_hash(struct file *file, char *digest) { struct hash_desc desc; struct scatterlist sg[1]; - loff_t i_size; + loff_t i_size, offset = 0; char *rbuf; - int rc, offset = 0; + int rc; rc = init_desc(&desc); if (rc != 0) @@ -67,6 +67,8 @@ int ima_calc_hash(struct file *file, char *digest) rc = rbuf_len; break; } + if (rbuf_len == 0) + break; offset += rbuf_len; sg_init_one(sg, rbuf, rbuf_len); diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c index 101c512564ec..b85e61bcf246 100644 --- a/security/integrity/ima/ima_main.c +++ b/security/integrity/ima/ima_main.c @@ -249,7 +249,11 @@ void ima_counts_put(struct path *path, int mask) struct inode *inode = path->dentry->d_inode; struct ima_iint_cache *iint; - if (!ima_initialized || !S_ISREG(inode->i_mode)) + /* The inode may already have been freed, freeing the iint + * with it. Verify the inode is not NULL before dereferencing + * it. + */ + if (!ima_initialized || !inode || !S_ISREG(inode->i_mode)) return; iint = ima_iint_find_insert_get(inode); if (!iint) @@ -262,6 +266,8 @@ void ima_counts_put(struct path *path, int mask) else if (mask & (MAY_READ | MAY_EXEC)) iint->readcount--; mutex_unlock(&iint->mutex); + + kref_put(&iint->refcount, iint_free); } /* @@ -291,6 +297,8 @@ void ima_counts_get(struct file *file) if (file->f_mode & FMODE_WRITE) iint->writecount++; mutex_unlock(&iint->mutex); + + kref_put(&iint->refcount, iint_free); } EXPORT_SYMBOL_GPL(ima_counts_get); |