diff mbox series

[ima-evm-utils,v2,09/12] Fix potential use after free in read_tpm_banks()

Message ID 20220906195021.854090-10-zohar@linux.ibm.com (mailing list archive)
State New, archived
Headers show
Series address deprecated warnings | expand

Commit Message

Mimi Zohar Sept. 6, 2022, 7:50 p.m. UTC 
On failure to read TPM 2.0 bank PCRs 'errmsg' is not properly set to
NULL after being freed.  Fix potential use after free.

Fixes: 3472f9ba9c05 ("ima-evm-utils: read the PCRs for the requested TPM banks")
Reviewed-by: Petr Vorel <pvorel@suse.cz>
Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>
---
 src/evmctl.c | 1 +
 1 file changed, 1 insertion(+)

Comments

Stefan Berger Sept. 13, 2022, 4:38 p.m. UTC | #1 
On 9/6/22 15:50, Mimi Zohar wrote:
> On failure to read TPM 2.0 bank PCRs 'errmsg' is not properly set to
> NULL after being freed.  Fix potential use after free.
> 
> Fixes: 3472f9ba9c05 ("ima-evm-utils: read the PCRs for the requested TPM banks")
> Reviewed-by: Petr Vorel <pvorel@suse.cz>
> Signed-off-by: Mimi Zohar <zohar@linux.ibm.com>

Reviewed-by: Stefan Berger <stefanb@linux.ibm.com>
> ---
>   src/evmctl.c | 1 +
>   1 file changed, 1 insertion(+)
> 
> diff --git a/src/evmctl.c b/src/evmctl.c
> index fa588e0caba2..a497b1a468d6 100644
> --- a/src/evmctl.c
> +++ b/src/evmctl.c
> @@ -2075,6 +2075,7 @@ static int read_tpm_banks(int num_banks, struct tpm_bank_info *bank)
>   				log_debug("Failed to read %s PCRs: (%s)\n",
>   					  bank[i].algo_name, errmsg);
>   				free(errmsg);
> +				errmsg = NULL;
>   				bank[i].supported = 0;
>   			}
>   		}
diff mbox series

Patch

diff --git a/src/evmctl.c b/src/evmctl.c
index fa588e0caba2..a497b1a468d6 100644
--- a/src/evmctl.c
+++ b/src/evmctl.c
@@ -2075,6 +2075,7 @@  static int read_tpm_banks(int num_banks, struct tpm_bank_info *bank)
 				log_debug("Failed to read %s PCRs: (%s)\n",
 					  bank[i].algo_name, errmsg);
 				free(errmsg);
+				errmsg = NULL;
 				bank[i].supported = 0;
 			}
 		}