From: Roberto Sassu <roberto.sassu@huawei.com>
Date: Tue, 14 Apr 2020 08:01:31 +0000 (+0200)
Subject: evm: Fix possible memory leak in evm_calc_hmac_or_hash()
X-Git-Tag: v5.7.5~98
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=e445da30b12a4fc4591b5c3ac7647f25ec828446;p=users%2Fdwmw2%2Flinux.git

evm: Fix possible memory leak in evm_calc_hmac_or_hash()

commit 0c4395fb2aa77341269ea619c5419ea48171883f upstream.

Don't immediately return if the signature is portable and security.ima is
not present. Just set error so that memory allocated is freed before
returning from evm_calc_hmac_or_hash().

Fixes: 50b977481fce9 ("EVM: Add support for portable signature format")
Signed-off-by: Roberto Sassu <roberto.sassu@huawei.com>
Cc: stable@vger.kernel.org
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
---

diff --git a/security/integrity/evm/evm_crypto.c b/security/integrity/evm/evm_crypto.c
index 764b896cd6283..168c3b78ac47b 100644
--- a/security/integrity/evm/evm_crypto.c
+++ b/security/integrity/evm/evm_crypto.c
@@ -241,7 +241,7 @@ static int evm_calc_hmac_or_hash(struct dentry *dentry,
 
 	/* Portable EVM signatures must include an IMA hash */
 	if (type == EVM_XATTR_PORTABLE_DIGSIG && !ima_present)
-		return -EPERM;
+		error = -EPERM;
 out:
 	kfree(xattr_value);
 	kfree(desc);