Re: [PATCH 2/3] IMA: Handle dentry_open failures

From: Mimi Zohar
Date: Mon May 11 2009 - 19:18:27 EST


On Mon, 2009-05-11 at 13:59 -0400, Eric Paris wrote:
> Currently IMA does not handle failures from dentry_open(). This means that we
> leave a pointer set to ERR_PTR(errno) and then try to use it just a few lines
> later in fput(). Oops.
>
> Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
Acked-by: Mimi Zohar <zohar@xxxxxxxxxx>

> ---
>
> security/integrity/ima/ima_main.c | 10 ++++++----
> 1 files changed, 6 insertions(+), 4 deletions(-)
>
> diff --git a/security/integrity/ima/ima_main.c b/security/integrity/ima/ima_main.c
> index cdae13c..1987424 100644
> --- a/security/integrity/ima/ima_main.c
> +++ b/security/integrity/ima/ima_main.c
> @@ -116,10 +116,6 @@ static int get_path_measurement(struct ima_iint_cache *iint, struct file *file,
> {
> int rc = 0;
>
> - if (IS_ERR(file)) {
> - pr_info("%s dentry_open failed\n", filename);
> - return rc;
> - }
> iint->opencount++;
> iint->readcount++;
>
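Review bot: With the IS_ERR(file) check removed from get_path_measurement(), the function now bumps iint->opencount and iint->readcount unconditionally and depends on its caller never passing an ERR_PTR. Only ima_path_check() is updated in this patch, so any other caller needs the same check before the call. A short comment above the function stating that file must be a valid pointer would make the precondition explicit. The removed branch also returned rc while it was still 0, so a failed open used to be reported as success; the commit message should say that this changes.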
> @@ -185,6 +181,12 @@ int ima_path_check(struct path *path, int mask)
> struct vfsmount *mnt = mntget(path->mnt);
>
> file = dentry_open(dentry, mnt, O_RDONLY, current_cred());
> + if (IS_ERR(file)) {
> + pr_info("%s dentry_open failed\n", dentry->d_name.name);
> + rc = PTR_ERR(file);
> + file = NULL;
> + goto out;
> + }
> rc = get_path_measurement(iint, file, dentry->d_name.name);
> }
> out:
>
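Review bot: In the new IS_ERR(file) branch of ima_path_check(), setting file = NULL before goto out only avoids the fput() oops if the code after the out: label tests file for NULL, and that code is not part of this hunk. Please confirm the guard exists or include it in the patch context. The branch also sets rc = PTR_ERR(file), so ima_path_check() now returns a negative errno where it previously fell through with 0; callers that treat a non-zero return as a denial will start failing the operation, which deserves a line in the changelog. The pr_info() fires on every failed open with no rate limit and prints only dentry->d_name.name without the error code; consider a rate-limited print that includes rc.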
