[RHEL7,COMMIT] ms/audit: fix a memleak caused by auditing load module

Submitted by Konstantin Khorenko on June 16, 2020, 11:07 a.m.

Details

Message ID 202006161107.05GB7gg4031198@finist-ce7.sw.ru
State New
Headers show

Patch hide | download patch | download mbox

diff --git a/kernel/auditsc.c b/kernel/auditsc.c
index 1ab4049439641..ce2f59c440f0b 100644
--- a/kernel/auditsc.c
+++ b/kernel/auditsc.c
@@ -879,6 +879,13 @@  static inline void audit_proctitle_free(struct audit_context *context)
 	context->proctitle.len = 0;
 }
 
+static inline void audit_free_module(struct audit_context *context)
+{
+	if (context->type == AUDIT_KERN_MODULE) {
+		kfree(context->module.name);
+		context->module.name = NULL;
+	}
+}
 static inline void audit_free_names(struct audit_context *context)
 {
 	struct audit_names *n, *next;
@@ -962,6 +969,7 @@  int audit_alloc(struct task_struct *tsk)
 
 static inline void audit_free_context(struct audit_context *context)
 {
+	audit_free_module(context);
 	audit_free_names(context);
 	unroll_tree_refs(context, NULL, 0);
 	free_tree_refs(context);
@@ -1279,7 +1287,6 @@  static void show_special(struct audit_context *context, int *call_panic)
 		audit_log_format(ab, "name=");
 		if (context->module.name) {
 			audit_log_untrustedstring(ab, context->module.name);
-			kfree(context->module.name);
 		} else
 			audit_log_format(ab, "(null)");
 
@@ -1585,6 +1592,7 @@  void __audit_syscall_exit(int success, long return_code)
 	if (!list_empty(&context->killed_trees))
 		audit_kill_trees(&context->killed_trees);
 
+	audit_free_module(context);
 	audit_free_names(context);
 	unroll_tree_refs(context, NULL, 0);
 	audit_free_aux(context);