Re: [PATCH] kernel: auditfilter: looping issue, memory leak if has 2 or more AUDIT_FILTERKEYs

From: Eric Paris
Date: Wed Apr 10 2013 - 17:38:23 EST

----- Original Message -----
> Also, for the function audit_list_rules:
> when the call to audit_make_reply fails (it will return NULL),
> we also need to process data->buf, not only data itself.
> Please help check, thanks.

struct audit_rule_data {
	...
	char buf[0]; /* string fields buffer */
};

The last element in the struct is 0 length. But the allocation in audit_krule_to_data() looks like:

data = kmalloc(sizeof(*data) + krule->buflen, GFP_KERNEL);

So now data->buf appears as an allocation of size krule->buflen.

We do not need to free it separately. This is a pretty common C trick.
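The single-allocation layout described in this message, as an added userspace example that is not part of the original message or the kernel source. `struct rule_data`, `rule_pack()`, `buf_is_inside_block()` and `rule_free()` are hypothetical names, `malloc()`/`free()` stand in for `kmalloc()`/`kfree()`, and the two key strings in the usage are constructed sample input.

```c
#include <limits.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for struct audit_rule_data: a fixed header followed
 * by a flexible array member (the C99 spelling of "char buf[0]"). */
struct rule_data {
    unsigned int buflen;   /* number of bytes stored in buf */
    char buf[];            /* string fields buffer, same block as the header */
};

/* Pack n strings back to back into ONE allocation, sized the way the message
 * quotes audit_krule_to_data(): sizeof(*data) + buflen. */
struct rule_data *rule_pack(const char *const *strs, size_t n)
{
    size_t total = 0, off = 0;
    for (size_t i = 0; i < n; i++)
        total += strlen(strs[i]);
    if (total > UINT_MAX)              /* would not fit in buflen */
        return NULL;

    /* malloc() stands in for kmalloc(..., GFP_KERNEL) */
    struct rule_data *data = malloc(sizeof(*data) + total);
    if (!data)
        return NULL;

    data->buflen = (unsigned int)total;
    for (size_t i = 0; i < n; i++) {
        size_t len = strlen(strs[i]);
        memcpy(data->buf + off, strs[i], len);
        off += len;
    }
    return data;
}

/* buf is not its own allocation: its address lies inside the block that
 * malloc() returned for data, right after the header. */
int buf_is_inside_block(const struct rule_data *data)
{
    return (const char *)data + offsetof(struct rule_data, buf) == data->buf;
}

void rule_free(struct rule_data *data)
{
    free(data);   /* releases header and buf; free(data->buf) would be invalid */
}
```

Calling `rule_pack()` with two constructed keys such as "key1" and "second-key" yields one block with `buflen` 14, and a single `rule_free()` releases all of it.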
