2005-10-20 16:50:31

by James Morris

[permalink] [raw]
Subject: [PATCH] SELinux - handle sel_make_bools() failure in selinuxfs

This patch fixes error handling in sel_make_bools(), where currently we'd
get a memory leak via security_get_bools() and try to kfree() the wrong
pointer if called again.

Please apply.

Author: Davi Arnaut <[email protected]>
Signed-off-by: James Morris <[email protected]>
Acked-by: Stephen Smalley <[email protected]>

---

security/selinux/selinuxfs.c | 4 +++-
1 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -879,7 +879,7 @@ static ssize_t sel_commit_bools_write(st
if (sscanf(page, "%d", &new_value) != 1)
goto out;

- if (new_value) {
+ if (new_value && bool_pending_values) {
security_set_bools(bool_num, bool_pending_values);
}

@@ -952,6 +952,7 @@ static int sel_make_bools(void)

/* remove any existing files */
kfree(bool_pending_values);
+ bool_pending_values = NULL;

sel_remove_bools(dir);

@@ -1002,6 +1003,7 @@ out:
}
return ret;
err:
+ kfree(values);
d_genocide(dir);
ret = -ENOMEM;
goto out;