4.14-stable review patch. If anyone has any objections, please let me know.
------------------
From: James Morris james.morris@microsoft.com
commit a5795fd38ee8194451ba3f281f075301a3696ce2 upstream.
From: Casey Schaufler casey@schaufler-ca.com
Check that the cred security blob has been set before trying to clean it up. There is a case during credential initialization that could result in this.
Signed-off-by: Casey Schaufler casey@schaufler-ca.com Acked-by: John Johansen john.johansen@canonical.com Signed-off-by: James Morris james.morris@microsoft.com Reported-by: syzbot+69ca07954461f189e808@syzkaller.appspotmail.com Signed-off-by: Greg Kroah-Hartman gregkh@linuxfoundation.org
--- security/security.c | 7 +++++++ 1 file changed, 7 insertions(+)
--- a/security/security.c +++ b/security/security.c @@ -993,6 +993,13 @@ int security_cred_alloc_blank(struct cre
void security_cred_free(struct cred *cred) { + /* + * There is a failure case in prepare_creds() that + * may result in a call here with ->security being NULL. + */ + if (unlikely(cred->security == NULL)) + return; + call_void_hook(cred_free, cred); }