Commit 20c19e41 authored by Davi Arnaut's avatar Davi Arnaut Committed by Linus Torvalds

[PATCH] SELinux: handle sel_make_bools() failure in selinuxfs

This patch fixes error handling in sel_make_bools(), where currently we'd
get a memory leak via security_get_bools() and try to kfree() the wrong
pointer if called again.
Signed-off-by: default avatarJames Morris <jmorris@namei.org>
Acked-by: default avatarStephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: default avatarAndrew Morton <akpm@osdl.org>
Signed-off-by: default avatarLinus Torvalds <torvalds@osdl.org>
parent 282c1f5e
...@@ -879,7 +879,7 @@ static ssize_t sel_commit_bools_write(struct file *filep, ...@@ -879,7 +879,7 @@ static ssize_t sel_commit_bools_write(struct file *filep,
if (sscanf(page, "%d", &new_value) != 1) if (sscanf(page, "%d", &new_value) != 1)
goto out; goto out;
if (new_value) { if (new_value && bool_pending_values) {
security_set_bools(bool_num, bool_pending_values); security_set_bools(bool_num, bool_pending_values);
} }
...@@ -952,6 +952,7 @@ static int sel_make_bools(void) ...@@ -952,6 +952,7 @@ static int sel_make_bools(void)
/* remove any existing files */ /* remove any existing files */
kfree(bool_pending_values); kfree(bool_pending_values);
bool_pending_values = NULL;
sel_remove_bools(dir); sel_remove_bools(dir);
...@@ -1002,6 +1003,7 @@ static int sel_make_bools(void) ...@@ -1002,6 +1003,7 @@ static int sel_make_bools(void)
} }
return ret; return ret;
err: err:
kfree(values);
d_genocide(dir); d_genocide(dir);
ret = -ENOMEM; ret = -ENOMEM;
goto out; goto out;
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment