| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20200610181021.19209-2-trix@redhat.com>
Date: Wed, 10 Jun 2020 11:10:21 -0700
From: trix@...hat.com
To: paul@...l-moore.com, stephen.smalley.work@...il.com,
eparis@...isplace.org, omosnace@...hat.com, jeffv@...gle.com,
rgb@...hat.com
Cc: selinux@...r.kernel.org, linux-kernel@...r.kernel.org,
Tom Rix <trix@...hat.com>
Subject: [PATCH 1/1] selinux: fix double free
From: Tom Rix <trix@...hat.com>
Clang's static analysis tool reports these double free memory errors.
security/selinux/ss/services.c:2987:4: warning: Attempt to free released memory [unix.Malloc]
kfree(bnames[i]);
^~~~~~~~~~~~~~~~
security/selinux/ss/services.c:2990:2: warning: Attempt to free released memory [unix.Malloc]
kfree(bvalues);
^~~~~~~~~~~~~~
So improve the security_get_bools error handling by freeing these variables
and setting their return pointers to NULL and the return len to 0
Signed-off-by: Tom Rix <trix@...hat.com>
---
security/selinux/ss/services.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 313919bd42f8..2dffae1feaff 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2888,8 +2888,12 @@ int security_get_bools(struct selinux_state *state,
if (*names) {
for (i = 0; i < *len; i++)
kfree((*names)[i]);
+ kfree(names);
}
kfree(*values);
+ *len = 0;
+ *names = NULL;
+ *values = NULL;
goto out;
}
--
2.18.1
Powered by blists - more mailing lists