From 8ead196be219adade3bd0d4115cc9b8506643121 Mon Sep 17 00:00:00 2001 From: Gaosheng Cui Date: Fri, 5 Jan 2024 10:01:26 +0800 Subject: apparmor: Fix memory leak in unpack_profile() The aa_put_pdb(rules->file) should be called when rules->file is reassigned, otherwise there may be a memory leak. This was found via kmemleak: unreferenced object 0xffff986c17056600 (size 192): comm "apparmor_parser", pid 875, jiffies 4294893488 hex dump (first 32 bytes): 00 00 00 00 00 00 00 00 00 89 14 04 6c 98 ff ff ............l... 00 00 8c 11 6c 98 ff ff bc 0c 00 00 00 00 00 00 ....l........... backtrace (crc e28c80c4): [] kmemleak_alloc+0x4f/0x90 [] kmalloc_trace+0x2d2/0x340 [] aa_alloc_pdb+0x4d/0x90 [] unpack_pdb+0x48/0x660 [] unpack_profile+0x693/0x1090 [] aa_unpack+0x10a/0x6e0 [] aa_replace_profiles+0xa3/0x1210 [] policy_update+0x163/0x2a0 [] profile_replace+0xb1/0x130 [] vfs_write+0xd4/0x3d0 [] ksys_write+0x6b/0xf0 [] __x64_sys_write+0x1e/0x30 [] do_syscall_64+0x76/0x120 [] entry_SYSCALL_64_after_hwframe+0x6c/0x74 So add aa_put_pdb(rules->file) to fix it when rules->file is reassigned. Fixes: 98b824ff8984 ("apparmor: refcount the pdb") Signed-off-by: Gaosheng Cui Signed-off-by: John Johansen --- security/apparmor/policy_unpack.c | 2 ++ 1 file changed, 2 insertions(+) (limited to 'security') diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c index dbf7d96257ad..5e578ef0ddff 100644 --- a/security/apparmor/policy_unpack.c +++ b/security/apparmor/policy_unpack.c @@ -1025,8 +1025,10 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name) } } else if (rules->policy->dfa && rules->policy->start[AA_CLASS_FILE]) { + aa_put_pdb(rules->file); rules->file = aa_get_pdb(rules->policy); } else { + aa_put_pdb(rules->file); rules->file = aa_get_pdb(nullpdb); } error = -EPROTO; -- cgit v1.2.3