LSM: Check for NULL cred-security on free

commit a5795fd38ee8194451ba3f281f075301a3696ce2 upstream. From: Casey Schaufler <casey@schaufler-ca.com> Check that the cred security blob has been set before trying to clean it up. There is a case during credential initialization that could result in this. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Acked-by: John Johansen <john.johansen@canonical.com> Signed-off-by: James Morris <james.morris@microsoft.com> Reported-by: syzbot+69ca07954461f189e808@syzkaller.appspotmail.com Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
author: James Morris <james.morris@microsoft.com> 2019-01-16 15:41:11 -0800
committer: Greg Kroah-Hartman <gregkh@linuxfoundation.org> 2019-01-26 09:42:50 +0100
commit: ac0e225395382a731e6a8ca98419eac9bb43936e (patch)
tree: b00788c0df25b09be13df83a55af48023b4461d4 /security
parent: 4bc86212e19979b44fe2d80a253c02608f02a959 (diff)
1 files changed, 7 insertions, 0 deletions
diff --git a/security/security.c b/security/security.c
index 46f405ce6b0f..0dde287db5c5 100644
--- a/security/security.c
+++ b/security/security.c
@@ -861,6 +861,13 @@ int security_cred_alloc_blank(struct cred *cred, gfp_t gfp)
 
 void security_cred_free(struct cred *cred)
 {
+	/*
+	 * There is a failure case in prepare_creds() that
+	 * may result in a call here with ->security being NULL.
+	 */
+	if (unlikely(cred->security == NULL))
+		return;
+
 	call_void_hook(cred_free, cred);
 }
author	James Morris <james.morris@microsoft.com>	2019-01-16 15:41:11 -0800
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>	2019-01-26 09:42:50 +0100
commit	ac0e225395382a731e6a8ca98419eac9bb43936e (patch)
tree	b00788c0df25b09be13df83a55af48023b4461d4 /security
parent	4bc86212e19979b44fe2d80a253c02608f02a959 (diff)