Hello. A memory corruption problem was discovered in TOMOYO Linux 1.7.0 and 1.7.1 . If memory allocation request for keeping IPv6 address was failed due to out-of-memory, memory corruption which might lead to kernel crash occurs. Patch to fix this problem is shown below. --- 1.7.1p2/security/ccsecurity/memory.c +++ 1.7.1p3/security/ccsecurity/memory.c @@ -118,10 +118,11 @@ const struct in6_addr *ccs_get_ipv6_addr atomic_set(&ptr->users, 1); list_add_tail(&ptr->list, &ccs_address_list); entry = NULL; + error = 0; } mutex_unlock(&ccs_policy_lock); kfree(entry); - return ptr ? &ptr->addr : NULL; + return !error ? &ptr->addr : NULL; } /* The list for "struct ccs_name_entry". */ I uploaded TOMOYO 1.7.1p3 which fixed this security problem and other non-security problem. http://sourceforge.jp/frs/redir.php?f=/tomoyo/43375/ccs-patch-1.7.1-20100326.tar.gz MD5: 9999f1a70ee5ee3d1a6c6e8e56d0e4b5 Sincerely.
TOMOYO
Fork