ima: Do not free 'entry' before it is initialized

7bc5f447ce9d0 (ima: define new function ima_alloc_init_template() to
API) moved the initialization of 'entry' in ima_add_boot_aggregate() a
bit more below, after the if (ima_used_chip).

So, 'entry' is not initialized while being inside this if-block. So, we
should not attempt to free it.

Found by Coverity (CID: 1131971)

Fixes: 7bc5f447ce9d0 (ima: define new function ima_alloc_init_template() to API)
Signed-off-by: Christoph Paasch <christoph.paasch@uclouvain.be>
Signed-off-by: Mimi Zohar <zohar@us.ibm.com>

diff --git a/security/integrity/ima/ima_init.c b/security/integrity/ima/ima_init.c
index 15f34bd40abed1530216be53c59658b6245d280b..76b8e2c4fd38f641de017bd45dcacf225b1b21dc 100644 (file)
--- a/security/integrity/ima/ima_init.c
+++ b/security/integrity/ima/ima_init.c
@@ -63,7 +63,6 @@ static void __init ima_add_boot_aggregate(void)
                result = ima_calc_boot_aggregate(&hash.hdr);
                if (result < 0) {
                        audit_cause = "hashing_error";
-                       kfree(entry);
                        goto err_out;
                }
        }