audit/stable-4.13 PR 20170816
-----BEGIN PGP SIGNATURE----- iQJIBAABCAAyFiEEcQCq365ubpQNLgrWVeRaWujKfIoFAlmUlmUUHHBhdWxAcGF1 bC1tb29yZS5jb20ACgkQVeRaWujKfIo92hAAqbffYKqih+3VPCYg0bx7N9pCl8Ya k9RNxyRPv9+IxJGTrnG00x6k8GIv3hjyJIYmqGQl/GWdbZadmySazl20YI9ls47p 7ydJAJELRPnfKFLJ9T2mqi6Az8qDtRoV2DwLCSCnsBCJdsK4wcUxtM3/qV2JGxzJ O2YIw4C4kuoM2SRl6weGnCUTVkdaDdHk6GcC2GClIlsjapUpNB+UieGijN/3HqHi YpSofAXD1lkZ4DZCM51t/3vuIlNTGSQOVvXqsVZWJv4fFR1qZbGiYuVQervYaaP2 sRN+2OwNtdy5yUStQ5BMHT44zTc49ACizSqU3j96yzEa5H3IfMSN9U5Aa+GYIy5N um6qeUz7wKOto0/hBtDpabGeeBkdLZBY6L7Dt2NLTcC8vT65b8NveGj4rvVGt0b5 REjoT0Slja4yQeER3IgUByR5H6h983Em/cjDmL6V/oLqxfOGGLkLQgKyfGoF+aSK DrpCWS/XiGU/Q2W3XhLSSIlJXbZ6y/dttM4tFOrk6omekLpdzdJwgo8DRz91dIZI vB5DAHG+Pvxw6sYFz2eAF2/3UYeEdxhAsQs8V3NJWz+7BD/AxAdfMDriGQnQ6jfU NIWRcCxkU/FtrqsznIqp0BkitOQ7ZwDqusUebWl34y8iNa/m2f9Jp+rvSnxq8+Zu Zw0EjuRyfwu2SE0= =tP6Y -----END PGP SIGNATURE----- Merge tag 'audit-pr-20170816' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit Pull audit fixes from Paul Moore: "Two small fixes to the audit code, both explained well in the respective patch descriptions, but the quick summary is one use-after-free fix, and one silly fanotify notification flag fix" * tag 'audit-pr-20170816' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/audit: audit: Receive unmount event audit: Fix use after free in audit_remove_watch_rule()
This commit is contained in:
commit
422ce075f9
|
@ -66,7 +66,7 @@ static struct fsnotify_group *audit_watch_group;
|
|||
|
||||
/* fsnotify events we care about. */
|
||||
#define AUDIT_FS_WATCH (FS_MOVE | FS_CREATE | FS_DELETE | FS_DELETE_SELF |\
|
||||
FS_MOVE_SELF | FS_EVENT_ON_CHILD)
|
||||
FS_MOVE_SELF | FS_EVENT_ON_CHILD | FS_UNMOUNT)
|
||||
|
||||
static void audit_free_parent(struct audit_parent *parent)
|
||||
{
|
||||
|
@ -457,14 +457,16 @@ void audit_remove_watch_rule(struct audit_krule *krule)
|
|||
list_del(&krule->rlist);
|
||||
|
||||
if (list_empty(&watch->rules)) {
|
||||
audit_remove_watch(watch);
|
||||
|
||||
if (list_empty(&parent->watches)) {
|
||||
/*
|
||||
* audit_remove_watch() drops our reference to 'parent' which
|
||||
* can get freed. Grab our own reference to be safe.
|
||||
*/
|
||||
audit_get_parent(parent);
|
||||
audit_remove_watch(watch);
|
||||
if (list_empty(&parent->watches))
|
||||
fsnotify_destroy_mark(&parent->mark, audit_watch_group);
|
||||
audit_put_parent(parent);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Update watch data in audit rules based on fsnotify events. */
|
||||
|
|
Loading…
Reference in New Issue