Re: [PATCH] SELinux: re. BUG memory leakage at./security/selinux/hooks.c
From: Stephen Smalley
Date: Mon Aug 10 2009 - 08:22:15 EST
On Mon, 2009-08-10 at 22:17 +1000, James Morris wrote:
> Please review.
>
> Author: James Morris <jmorris@xxxxxxxxx>
> Date: Mon Aug 10 22:00:13 2009 +1000
>
> SELinux: fix memory leakage in /security/selinux/hooks.c
>
> Fix memory leakage in /security/selinux/hooks.c
>
> The buffer always needs to be freed here; we either error
> out or allocate more memory.
>
> Reported-by: iceberg <strakh@xxxxxxxxx>
> Signed-off-by: James Morris <jmorris@xxxxxxxxx>
Acked-by: Stephen Smalley <sds@xxxxxxxxxxxxx>
>
> diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
> index 15c2a08..1e8cfc4 100644
> --- a/security/selinux/hooks.c
> +++ b/security/selinux/hooks.c
> @@ -1285,6 +1285,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
> rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
> context, len);
> if (rc == -ERANGE) {
> + kfree(context);
> +
> /* Need a larger buffer. Query for the right size. */
> rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
> NULL, 0);
> @@ -1292,7 +1294,6 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
> dput(dentry);
> goto out_unlock;
> }
> - kfree(context);
> len = rc;
> context = kmalloc(len+1, GFP_NOFS);
> if (!context) {
>
--
Stephen Smalley
National Security Agency
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/