• Wenwen Wang's avatar
    audit: fix a memory leak bug · bfda6425
    Wenwen Wang authored
    [ Upstream commit 70c4cf17 ]
    
    In audit_rule_change(), audit_data_to_entry() is firstly invoked to
    translate the payload data to the kernel's rule representation. In
    audit_data_to_entry(), depending on the audit field type, an audit tree may
    be created in audit_make_tree(), which eventually invokes kmalloc() to
    allocate the tree.  Since this tree is a temporary tree, it will be then
    freed in the following execution, e.g., audit_add_rule() if the message
    type is AUDIT_ADD_RULE or audit_del_rule() if the message type is
    AUDIT_DEL_RULE. However, if the message type is neither AUDIT_ADD_RULE nor
    AUDIT_DEL_RULE, i.e., the default case of the switch statement, this
    temporary tree is not freed.
    
    To fix this issue, only allocate the tree when the type is AUDIT_ADD_RULE
    or AUDIT_DEL_RULE.
    Signed-off-by: default avatarWenwen Wang <wang6495@umn.edu>
    Reviewed-by: default avatarRichard Guy Briggs <rgb@redhat.com>
    Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
    Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
    bfda6425
auditfilter.c 34.3 KB