[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-Id: <20200629155309.2495516-65-sashal@kernel.org>
Date: Mon, 29 Jun 2020 11:51:58 -0400
From: Sasha Levin <sashal@...nel.org>
To: linux-kernel@...r.kernel.org, stable@...r.kernel.org
Cc: Tom Rix <trix@...hat.com>,
Stephen Smalley <stephen.smalley.work@...il.com>,
Paul Moore <paul@...l-moore.com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>
Subject: [PATCH 4.4 064/135] selinux: fix double free
From: Tom Rix <trix@...hat.com>
commit 65de50969a77509452ae590e9449b70a22b923bb upstream.
Clang's static analysis tool reports these double free memory errors.
security/selinux/ss/services.c:2987:4: warning: Attempt to free released memory [unix.Malloc]
kfree(bnames[i]);
^~~~~~~~~~~~~~~~
security/selinux/ss/services.c:2990:2: warning: Attempt to free released memory [unix.Malloc]
kfree(bvalues);
^~~~~~~~~~~~~~
So improve the security_get_bools error handling by freeing these variables
and setting their return pointers to NULL and the return len to 0
Cc: stable@...r.kernel.org
Signed-off-by: Tom Rix <trix@...hat.com>
Acked-by: Stephen Smalley <stephen.smalley.work@...il.com>
Signed-off-by: Paul Moore <paul@...l-moore.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@...uxfoundation.org>
---
security/selinux/ss/services.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 0a258c0602d13..55c869e0a3a08 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2622,8 +2622,12 @@ int security_get_bools(int *len, char ***names, int **values)
if (*names) {
for (i = 0; i < *len; i++)
kfree((*names)[i]);
+ kfree(*names);
}
kfree(*values);
+ *len = 0;
+ *names = NULL;
+ *values = NULL;
goto out;
}
--
2.25.1
Powered by blists - more mailing lists