summaryrefslogtreecommitdiff
path: root/security/smack
diff options
context:
space:
mode:
authorHimanshu Shukla <himanshu.sh@samsung.com>2016-11-10 16:17:02 +0530
committerCasey Schaufler <casey@schaufler-ca.com>2016-11-10 11:22:06 -0800
commitb437aba85b5c4689543409d8407c016749231aae (patch)
tree9f03c18907323f8703571b2e87dc31cd83907152 /security/smack
parent7128ea159d60a91b3f0a7d10a1ea7d62b53cda93 (diff)
SMACK: Fix the memory leak in smack_cred_prepare() hook
Memory leak in smack_cred_prepare()function. smack_cred_prepare() hook returns error if there is error in allocating memory in smk_copy_rules() or smk_copy_relabel() function. If smack_cred_prepare() function returns error then the calling function should call smack_cred_free() function for cleanup. In smack_cred_free() function first credential is extracted and then all rules are deleted. In smack_cred_prepare() function security field is assigned in the end when all function return success. But this function may return before and memory will not be freed. Signed-off-by: Himanshu Shukla <himanshu.sh@samsung.com> Acked-by: Casey Schaufler <casey@schaufler-ca.com>
Diffstat (limited to 'security/smack')
-rw-r--r--security/smack/smack_lsm.c3
1 files changed, 2 insertions, 1 deletions
diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 3a5684b47354..f7ee77c3db55 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2023,6 +2023,8 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old,
if (new_tsp == NULL)
return -ENOMEM;
+ new->security = new_tsp;
+
rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
if (rc != 0)
return rc;
@@ -2032,7 +2034,6 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old,
if (rc != 0)
return rc;
- new->security = new_tsp;
return 0;
}