Commit 35aa901c authored by Eric Paris, committed by Al Viro

Audit: fix audit watch use after free

When an audit watch is added to a parent the temporary watch inside the
original krule from userspace is freed.  Yet the original watch is used after
the real watch was created in audit_add_rules()

Signed-off-by: Eric Paris <eparis@redhat.com>
parent 4e8a2372
...@@ -1320,6 +1320,8 @@ static inline int audit_add_rule(struct audit_entry *entry) ...@@ -1320,6 +1320,8 @@ static inline int audit_add_rule(struct audit_entry *entry)
mutex_unlock(&audit_filter_mutex); mutex_unlock(&audit_filter_mutex);
goto error; goto error;
} }
/* entry->rule.watch may have changed during audit_add_watch() */
watch = entry->rule.watch;
h = audit_hash_ino((u32)watch->ino); h = audit_hash_ino((u32)watch->ino);
list = &audit_inode_hash[h]; list = &audit_inode_hash[h];
} }
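Review bot: the reload `watch = entry->rule.watch;` only covers the success path, so the `goto error` branch just above still carries the local `watch` as it was before audit_add_watch() ran; please confirm that nothing under the `error` label dereferences that local. The comment says the pointer "may have changed" but not why. Per the commit message, the temporary watch from the userspace krule is freed once the real watch exists, and stating that in the comment (or in a note on audit_add_watch() itself) would tell future callers not to cache the pointer across the call. A more robust form would drop the cached local at this point and read `entry->rule.watch->ino` directly in the `audit_hash_ino()` call, so there is no stale copy left to misuse later in the function.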