aa_getprocattr() may not initialize the value's pointer in some cases. As for proc_pid_attr_read(), initialize this pointer to NULL in apparmor_getselfattr() to avoid a UAF in the kfree() call.
Cc: Casey Schaufler casey@schaufler-ca.com
Cc: John Johansen john.johansen@canonical.com
Cc: Paul Moore paul@paul-moore.com
Cc: stable@vger.kernel.org
Fixes: 223981db9baf ("AppArmor: Add selfattr hooks")
Signed-off-by: Mickaël Salaün mic@digikod.net
---
 security/apparmor/lsm.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index 98e1150bee9d..9a3dcaafb5b1 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -784,7 +784,7 @@ static int apparmor_getselfattr(unsigned int attr, struct lsm_ctx __user *lx, int error = -ENOENT; struct aa_task_ctx *ctx = task_ctx(current); struct aa_label *label = NULL; - char *value; + char *value = NULL;
switch (attr) { case LSM_ATTR_CURRENT:
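Review bot: The changelog calls this a UAF, but at the changed declaration in apparmor_getselfattr() the removed line is `char *value;` with no initializer, so what kfree() would receive is an uninitialized stack pointer, not a pointer to memory that was already freed. Consider describing it as a kfree() of an uninitialized pointer so the stable backport and any triage classify it correctly. The hunk also does not show which path in aa_getprocattr() leaves the pointer unset; naming that path in the changelog would help reviewers confirm that `char *value = NULL;` covers every exit that reaches the kfree(). As a follow-up, having aa_getprocattr() set its output pointer to NULL on entry would protect any other caller that declares the variable without an initializer, as was done here next to `struct aa_label *label = NULL;`.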