[PATCH] evm: zero-initialize the evm_xattrs read buffer

Next message: Eric Biggers: "Re: [PATCH wireless-next 0/6] Consolidate Michael MIC code into mac80211"
Previous message: Pengpeng Hou: "[PATCH] tracing/hist: bound expression string construction"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

From: Pengpeng Hou

Date: Tue Apr 07 2026 - 02:16:49 EST

evm_read_xattrs() allocates size + 1 bytes, fills them from the list of
enabled xattrs and then passes strlen(temp) to simple_read_from_buffer().
When no configured xattrs are enabled, the fill loop stores nothing and
temp[0] remains uninitialized, so strlen() reads beyond initialized
memory.

Use kzalloc() so the empty-list case stays a valid empty C string.

Signed-off-by: Pengpeng Hou <pengpeng@xxxxxxxxxxx>
---
security/integrity/evm/evm_secfs.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/security/integrity/evm/evm_secfs.c b/security/integrity/evm/evm_secfs.c
index acd840461902..03d376fa36c2 100644
--- a/security/integrity/evm/evm_secfs.c
+++ b/security/integrity/evm/evm_secfs.c
@@ -145,7 +145,7 @@ static ssize_t evm_read_xattrs(struct file *filp, char __user *buf,
size += strlen(xattr->name) + 1;
}

- temp = kmalloc(size + 1, GFP_KERNEL);
+ temp = kzalloc(size + 1, GFP_KERNEL);
if (!temp) {
mutex_unlock(&xattr_list_mutex);
return -ENOMEM;
--
2.50.1 (Apple Git-155)