* [PATCH] selinux: fix memory leak on node_ptr on error return path
@ 2016-03-21 23:00 Colin King
2016-03-22 20:28 ` Serge E. Hallyn
0 siblings, 1 reply; 4+ messages in thread
From: Colin King @ 2016-03-21 23:00 UTC (permalink / raw)
To: Paul Moore, Stephen Smalley, Eric Paris, James Morris,
Serge E . Hallyn, Nick Kralevich, Jeff Vander Stoep, selinux,
linux-security-module
Cc: linux-kernel
From: Colin Ian King <colin.king@canonical.com>
node_ptr is not being free'd if the list allocation fails, fix
this by kfree'ing it before exiting on the error path.
Signed-off-by: Colin Ian King <colin.king@canonical.com>
---
security/selinux/ss/conditional.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index 456e1a9..5d010ef 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -332,6 +332,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
list = kzalloc(sizeof(struct cond_av_list), GFP_KERNEL);
if (!list) {
rc = -ENOMEM;
+ kfree(node_ptr);
goto err;
}
--
2.7.3
^ permalink raw reply related [flat|nested] 4+ messages in thread
* Re: [PATCH] selinux: fix memory leak on node_ptr on error return path
2016-03-21 23:00 [PATCH] selinux: fix memory leak on node_ptr on error return path Colin King
@ 2016-03-22 20:28 ` Serge E. Hallyn
2016-03-22 21:35 ` Paul Moore
0 siblings, 1 reply; 4+ messages in thread
From: Serge E. Hallyn @ 2016-03-22 20:28 UTC (permalink / raw)
To: Colin King
Cc: Paul Moore, Stephen Smalley, Eric Paris, James Morris,
Serge E . Hallyn, Nick Kralevich, Jeff Vander Stoep, selinux,
linux-security-module, linux-kernel
Quoting Colin King (colin.king@canonical.com):
> From: Colin Ian King <colin.king@canonical.com>
>
> node_ptr is not being free'd if the list allocation fails, fix
> this by kfree'ing it before exiting on the error path.
>
> Signed-off-by: Colin Ian King <colin.king@canonical.com>
Hi,
I'm not very familiar with this code any more, but are you sure
this is needed and doesn't cause a new bug? It *looks* like
the avtab_insert_nonunique() actually inserts the node_ptr
into the policydb, and the policydb is the one that should
eventually free it.
> ---
> security/selinux/ss/conditional.c | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
> index 456e1a9..5d010ef 100644
> --- a/security/selinux/ss/conditional.c
> +++ b/security/selinux/ss/conditional.c
> @@ -332,6 +332,7 @@ static int cond_insertf(struct avtab *a, struct avtab_key *k, struct avtab_datum
> list = kzalloc(sizeof(struct cond_av_list), GFP_KERNEL);
> if (!list) {
> rc = -ENOMEM;
> + kfree(node_ptr);
> goto err;
> }
>
> --
> 2.7.3
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] selinux: fix memory leak on node_ptr on error return path
2016-03-22 20:28 ` Serge E. Hallyn
@ 2016-03-22 21:35 ` Paul Moore
2016-03-22 21:38 ` Colin Ian King
0 siblings, 1 reply; 4+ messages in thread
From: Paul Moore @ 2016-03-22 21:35 UTC (permalink / raw)
To: Colin King, Serge E. Hallyn
Cc: Stephen Smalley, Eric Paris, James Morris, Nick Kralevich,
Jeff Vander Stoep, selinux, linux-security-module, linux-kernel
On Tue, Mar 22, 2016 at 4:28 PM, Serge E. Hallyn <serge@hallyn.com> wrote:
> Quoting Colin King (colin.king@canonical.com):
>> From: Colin Ian King <colin.king@canonical.com>
>>
>> node_ptr is not being free'd if the list allocation fails, fix
>> this by kfree'ing it before exiting on the error path.
>>
>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>
> Hi,
>
> I'm not very familiar with this code any more, but are you sure
> this is needed and doesn't cause a new bug? It *looks* like
> the avtab_insert_nonunique() actually inserts the node_ptr
> into the policydb, and the policydb is the one that should
> eventually free it.
Exactly. cond_insertf() calls avtab_insert_nonunique() which calls
avtab_insert_node() which adds the node to the avtab. The avtab will
get cleaned up later by the error handling code in the cond_insertf()
call chain.
--
paul moore
www.paul-moore.com
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: [PATCH] selinux: fix memory leak on node_ptr on error return path
2016-03-22 21:35 ` Paul Moore
@ 2016-03-22 21:38 ` Colin Ian King
0 siblings, 0 replies; 4+ messages in thread
From: Colin Ian King @ 2016-03-22 21:38 UTC (permalink / raw)
To: Paul Moore, Serge E. Hallyn
Cc: Stephen Smalley, Eric Paris, James Morris, Nick Kralevich,
Jeff Vander Stoep, selinux, linux-security-module, linux-kernel
On 22/03/16 21:35, Paul Moore wrote:
> On Tue, Mar 22, 2016 at 4:28 PM, Serge E. Hallyn <serge@hallyn.com> wrote:
>> Quoting Colin King (colin.king@canonical.com):
>>> From: Colin Ian King <colin.king@canonical.com>
>>>
>>> node_ptr is not being free'd if the list allocation fails, fix
>>> this by kfree'ing it before exiting on the error path.
>>>
>>> Signed-off-by: Colin Ian King <colin.king@canonical.com>
>>
>> Hi,
>>
>> I'm not very familiar with this code any more, but are you sure
>> this is needed and doesn't cause a new bug? It *looks* like
>> the avtab_insert_nonunique() actually inserts the node_ptr
>> into the policydb, and the policydb is the one that should
>> eventually free it.
>
> Exactly. cond_insertf() calls avtab_insert_nonunique() which calls
> avtab_insert_node() which adds the node to the avtab. The avtab will
> get cleaned up later by the error handling code in the cond_insertf()
> call chain.
>
My bad, apologies.
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-03-22 21:38 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2016-03-21 23:00 [PATCH] selinux: fix memory leak on node_ptr on error return path Colin King
2016-03-22 20:28 ` Serge E. Hallyn
2016-03-22 21:35 ` Paul Moore
2016-03-22 21:38 ` Colin Ian King
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.