Audit: fix audit watch use after free
When an audit watch is added to a parent, the temporary watch inside the
original krule from userspace is freed. Yet the original watch is used after
the real watch was created in audit_add_rules().
Signed-off-by: Eric Paris <eparis@redhat.com>
diff --git a/kernel/auditfilter.c b/kernel/auditfilter.c
index 713098e..19c0a0a 100644
--- a/kernel/auditfilter.c
+++ b/kernel/auditfilter.c
@@ -1320,6 +1320,8 @@
mutex_unlock(&audit_filter_mutex);
goto error;
}
+ /* entry->rule.watch may have changed during audit_add_watch() */
+ watch = entry->rule.watch;
h = audit_hash_ino((u32)watch->ino);
list = &audit_inode_hash[h];
}
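Review bot: The comment on the added reload says entry->rule.watch "may have changed", which understates what the commit message describes: the temporary watch is freed, so the local watch is a dangling pointer once audit_add_watch() returns, not merely an outdated one. Consider saying so in the comment, for example "audit_add_watch() may free the original watch and replace entry->rule.watch", so a later reader does not move or drop the reload. The goto error branch directly above runs before the reload; the error label is outside the visible context, so it is worth confirming that nothing on that path dereferences the local watch.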