Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1752424AbcCVVf1 (ORCPT ); Tue, 22 Mar 2016 17:35:27 -0400 Received: from mail-oi0-f68.google.com ([209.85.218.68]:35848 "EHLO mail-oi0-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1752326AbcCVVfZ (ORCPT ); Tue, 22 Mar 2016 17:35:25 -0400 MIME-Version: 1.0 X-Originating-IP: [73.69.156.224] In-Reply-To: <20160322202817.GA9459@mail.hallyn.com> References: <1458601213-5835-1-git-send-email-colin.king@canonical.com> <20160322202817.GA9459@mail.hallyn.com> Date: Tue, 22 Mar 2016 17:35:24 -0400 Message-ID: Subject: Re: [PATCH] selinux: fix memory leak on node_ptr on error return path From: Paul Moore To: Colin King , "Serge E. Hallyn" Cc: Stephen Smalley , Eric Paris , James Morris , Nick Kralevich , Jeff Vander Stoep , selinux@tycho.nsa.gov, linux-security-module@vger.kernel.org, linux-kernel@vger.kernel.org Content-Type: text/plain; charset=UTF-8 Sender: linux-kernel-owner@vger.kernel.org List-ID: X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 904 Lines: 25 On Tue, Mar 22, 2016 at 4:28 PM, Serge E. Hallyn wrote: > Quoting Colin King (colin.king@canonical.com): >> From: Colin Ian King >> >> node_ptr is not being free'd if the list allocation fails, fix >> this by kfree'ing it before exiting on the error path. >> >> Signed-off-by: Colin Ian King > > Hi, > > I'm not very familiar with this code any more, but are you sure > this is needed and doesn't cause a new bug? It *looks* like > the avtab_insert_nonunique() actually inserts the node_ptr > into the policydb, and the policydb is the one that should > eventually free it. Exactly. cond_insertf() calls avtab_insert_nonunique() which calls avtab_insert_node() which adds the node to the avtab. The avtab will get cleaned up later by the error handling code in the cond_insertf() call chain. -- paul moore www.paul-moore.com