diff options
author | James Morris <jmorris@namei.org> | 2009-08-10 22:00:13 +1000 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2009-08-11 08:37:13 +1000 |
commit | 314dabb83a547ec4da819e8cbc78fac9cec605cd (patch) | |
tree | 8e32efc47c52a218bfb4eb517ae2ba14d496adcc /security/selinux/hooks.c | |
parent | 85dfd81dc57e8183a277ddd7a56aa65c96f3f487 (diff) | |
download | lwn-314dabb83a547ec4da819e8cbc78fac9cec605cd.tar.gz lwn-314dabb83a547ec4da819e8cbc78fac9cec605cd.zip |
SELinux: fix memory leakage in /security/selinux/hooks.c
Fix memory leakage in /security/selinux/hooks.c
The buffer always needs to be freed here; we either error
out or allocate more memory.
Reported-by: iceberg <strakh@ispras.ru>
Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Diffstat (limited to 'security/selinux/hooks.c')
-rw-r--r-- | security/selinux/hooks.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 15c2a08a66f1..1e8cfc4c2ed6 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -1285,6 +1285,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX, context, len); if (rc == -ERANGE) { + kfree(context); + /* Need a larger buffer. Query for the right size. */ rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX, NULL, 0); @@ -1292,7 +1294,6 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent dput(dentry); goto out_unlock; } - kfree(context); len = rc; context = kmalloc(len+1, GFP_NOFS); if (!context) { |