]> git.ipfire.org Git - thirdparty/kernel/linux.git/commitdiff
projects / thirdparty / kernel / linux.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 3e45553)
security/apparmor: use kfree_sensitive() in unpack_secmark()
authorZilin Guan <zilin@seu.edu.cn>
Fri, 18 Apr 2025 04:52:50 +0000 (04:52 +0000)
committerJohn Johansen <john.johansen@canonical.com>
Sat, 17 May 2025 08:20:25 +0000 (01:20 -0700)
The unpack_secmark() function currently uses kfree() to release memory
allocated for secmark structures and their labels. However, if a failure
occurs after partially parsing secmark, sensitive data may remain in
memory, posing a security risk.

To mitigate this, replace kfree() with kfree_sensitive() for freeing
secmark structures and their labels, aligning with the approach used
in free_ruleset().

I am submitting this as an RFC to seek freedback on whether this change
is appropriate and aligns with the subsystem's expectations. If
confirmed to be helpful, I will send a formal patch.

Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/policy_unpack.c patch | blob | blame | history

diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 73139189df0f22c9967322eebc6f986dad98d0e4..459eb878c824663c46f83deee3d1a195e6e88329 100644 (file)
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -599,8 +599,8 @@ static bool unpack_secmark(struct aa_ext *e, struct aa_ruleset *rules)
 fail:
        if (rules->secmark) {
                for (i = 0; i < size; i++)
-                       kfree(rules->secmark[i].label);
-               kfree(rules->secmark);
+                       kfree_sensitive(rules->secmark[i].label);
+               kfree_sensitive(rules->secmark);
                rules->secmark_count = 0;
                rules->secmark = NULL;
        }
A mirror of Linus' kernel repository