[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20080128220938.GH8767@does.not.exist>
Date: Tue, 29 Jan 2008 00:09:38 +0200
From: Adrian Bunk <bunk@...nel.org>
To: paul.moore@...com, James Morris <jmorris@...ei.org>,
sds@...ho.nsa.gov, eparis@...isplace.org
Cc: netdev@...r.kernel.org, linux-kernel@...r.kernel.org
Subject: [2.6 patch] security/selinux/netlabel.c: fix double free
This patch fixes a double free (security_netlbl_sid_to_secattr() already
calls netlbl_secattr_destroy() when it returns !0) introduced by
commit 45c950e0f839fded922ebc0bfd59b1081cc71b70 and spotted by the
Coverity checker.
Signed-off-by: Adrian Bunk <bunk@...nel.org>
---
--- linux-2.6/security/selinux/netlabel.c.old 2008-01-23 00:38:19.000000000 +0200
+++ linux-2.6/security/selinux/netlabel.c 2008-01-23 00:39:09.000000000 +0200
@@ -58,22 +58,22 @@ static int selinux_netlbl_sock_setsid(st
rc = security_netlbl_sid_to_secattr(sid, &secattr);
if (rc != 0)
goto sock_setsid_return;
rc = netlbl_sock_setattr(sk, &secattr);
if (rc == 0) {
spin_lock_bh(&sksec->nlbl_lock);
sksec->nlbl_state = NLBL_LABELED;
spin_unlock_bh(&sksec->nlbl_lock);
}
-sock_setsid_return:
netlbl_secattr_destroy(&secattr);
+sock_setsid_return:
return rc;
}
/**
* selinux_netlbl_cache_invalidate - Invalidate the NetLabel cache
*
* Description:
* Invalidate the NetLabel security attribute mapping cache.
*
*/
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
Powered by blists - more mailing lists