LSM: SafeSetID: Stop releasing uninitialized ruleset

micah-morton · micah-morton · commit 21ab8580b383 · 2019-09-17T11:27:05.000-07:00
The first time a rule set is configured for SafeSetID, we shouldn't be
trying to release the previously configured ruleset, since there isn't
one. Currently, the pointer that would point to a previously configured
ruleset is uninitialized on first rule set configuration, leading to a
crash when we try to call release_ruleset with that pointer.

Acked-by: Jann Horn &lt;jannh@google.com&gt;
Signed-off-by: Micah Morton &lt;mortonm@chromium.org&gt;
diff --git a/security/safesetid/securityfs.c b/security/safesetid/securityfs.c
@@ -187,7 +187,8 @@ static ssize_t handle_policy_update(struct file *file,
 out_free_buf:
 	kfree(buf);
 out_free_pol:
-	release_ruleset(pol);
+	if (pol)
+                release_ruleset(pol);
 	return err;
 }
 

Original file line number	Diff line number	Diff line change
`@@ -187,7 +187,8 @@ static ssize_t handle_policy_update(struct file *file,`
`187`	`187`	`out_free_buf:`
`188`	`188`	`kfree(buf);`
`189`	`189`	`out_free_pol:`
`190`		`- release_ruleset(pol);`
	`190`	`+ if (pol)`
	`191`	`+ release_ruleset(pol);`
`191`	`192`	`return err;`
`192`	`193`	`}`
`193`	`194`