Linux-Security-Module Archive on lore.kernel.org
* [PATCH] smack: Fix a memory leak in smack_add_opt()
@ 2018-12-21  9:09 Dan Carpenter
  2018-12-21 16:36 ` Al Viro
  0 siblings, 1 reply; 4+ messages in thread
From: Dan Carpenter @ 2018-12-21  9:09 UTC (permalink / raw)
  To: Casey Schaufler, Al Viro
  Cc: James Morris, Serge E. Hallyn, linux-security-module,
	linux-kernel, kernel-janitors

The function is leaking "opts" on the error paths.

Fixes: 90e3b564ab93 ("smack: take the guts of smack_parse_opts_str() into a new helper")
Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
---
 security/smack/smack_lsm.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 2adafc1018d9..4e9cdb942677 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -604,13 +604,13 @@ static int smack_add_opt(int token, const char *s, void **mnt_opts)
 {
 	struct smack_mnt_opts *opts = *mnt_opts;
 
+	if (!s)
+		return -ENOMEM;
 	if (!opts) {
 		opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
 		if (!opts)
 			return -ENOMEM;
 	}
-	if (!s)
-		return -ENOMEM;
 
 	switch (token) {
 	case Opt_fsdefault:
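Review bot: the relocated `if (!s) return -ENOMEM;` at the top of smack_add_opt() now reports an allocation failure before this function has attempted any allocation. If a NULL `s` means the caller's own copy of the option string failed to allocate, a one-line comment saying so would justify the error code; otherwise -EINVAL describes a missing value better. The new ordering itself should stay, since checking `s` ahead of kzalloc() is what closes the leak on this path.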
@@ -643,6 +643,8 @@ static int smack_add_opt(int token, const char *s, void **mnt_opts)
 	return 0;
 
 out_opt_err:
+	if (opts != *mnt_opts)
+		kfree(opts);
 	pr_warn("Smack: duplicate mount options\n");
 	return -EINVAL;
 }
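Review bot: in out_opt_err, `if (opts != *mnt_opts) kfree(opts);` uses pointer inequality as an implicit "allocated by this call" flag, which is correct only while nothing before the label stores opts into *mnt_opts. A short comment stating that invariant, or a local bool set next to the kzalloc(), would keep a later reordering of that store from leaving the caller with a pointer to memory this path has freed or from silently reintroducing the leak.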
-- 
2.17.1



* Re: [PATCH] smack: Fix a memory leak in smack_add_opt()
  2018-12-21  9:09 [PATCH] smack: Fix a memory leak in smack_add_opt() Dan Carpenter
@ 2018-12-21 16:36 ` Al Viro
  2018-12-21 16:42   ` Al Viro
  0 siblings, 1 reply; 4+ messages in thread
From: Al Viro @ 2018-12-21 16:36 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: Casey Schaufler, James Morris, Serge E. Hallyn,
	linux-security-module, linux-kernel, kernel-janitors

On Fri, Dec 21, 2018 at 12:09:58PM +0300, Dan Carpenter wrote:
> The function is leaking "opts" on the error paths.
> 
> Fixes: 90e3b564ab93 ("smack: take the guts of smack_parse_opts_str() into a new helper")
> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>

D'oh...  Applied, thanks for spotting that braino.


* Re: [PATCH] smack: Fix a memory leak in smack_add_opt()
  2018-12-21 16:36 ` Al Viro
@ 2018-12-21 16:42   ` Al Viro
  2018-12-21 17:41     ` Casey Schaufler
  0 siblings, 1 reply; 4+ messages in thread
From: Al Viro @ 2018-12-21 16:42 UTC (permalink / raw)
  To: Dan Carpenter
  Cc: Casey Schaufler, James Morris, Serge E. Hallyn,
	linux-security-module, linux-kernel, kernel-janitors

On Fri, Dec 21, 2018 at 04:36:54PM +0000, Al Viro wrote:
> On Fri, Dec 21, 2018 at 12:09:58PM +0300, Dan Carpenter wrote:
> > The function is leaking "opts" on the error paths.
> > 
> > Fixes: 90e3b564ab93 ("smack: take the guts of smack_parse_opts_str() into a new helper")
> > Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
> 
> D'oh...  Applied, thanks for spotting that braino.

On the other hand, it's easier to do it this way - the caller will free the damn thing
on error, anyway:

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 11da1e2531c8..cf0c0380e5dd 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -608,6 +608,7 @@ static int smack_add_opt(int token, const char *s, void **mnt_opts)
 		opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
 		if (!opts)
 			return -ENOMEM;
+		*mnt_opts = opts;
 	}
 	if (!s)
 		return -ENOMEM;
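Review bot: storing `*mnt_opts = opts;` immediately after kzalloc() means the `if (!s) return -ENOMEM;` just below now returns with a freshly allocated struct already handed to the caller, so correctness rests entirely on every caller freeing *mnt_opts when smack_add_opt() fails. That contract is stated only in the mail text; a comment at the assignment or above the function naming who frees on error would make it checkable in the code.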
@@ -639,7 +640,6 @@ static int smack_add_opt(int token, const char *s, void **mnt_opts)
 		opts->fstransmute = s;
 		break;
 	}
-	*mnt_opts = opts;
 	return 0;
 
 out_opt_err:
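Review bot: with `*mnt_opts = opts;` dropped from before `return 0;`, *mnt_opts can be non-NULL after a failing call as well as a successful one, so callers must branch on the return value and never on whether *mnt_opts was populated. It is also worth confirming that out_opt_err, whose body lies outside this hunk, does not kfree(opts) itself, because the caller would then free the same pointer a second time.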


* Re: [PATCH] smack: Fix a memory leak in smack_add_opt()
  2018-12-21 16:42   ` Al Viro
@ 2018-12-21 17:41     ` Casey Schaufler
  0 siblings, 0 replies; 4+ messages in thread
From: Casey Schaufler @ 2018-12-21 17:41 UTC (permalink / raw)
  To: Al Viro, Dan Carpenter
  Cc: James Morris, Serge E. Hallyn, linux-security-module,
	linux-kernel, kernel-janitors

On 12/21/2018 8:42 AM, Al Viro wrote:
> On Fri, Dec 21, 2018 at 04:36:54PM +0000, Al Viro wrote:
>> On Fri, Dec 21, 2018 at 12:09:58PM +0300, Dan Carpenter wrote:
>>> The function is leaking "opts" on the error paths.
>>>
>>> Fixes: 90e3b564ab93 ("smack: take the guts of smack_parse_opts_str() into a new helper")
>>> Signed-off-by: Dan Carpenter <dan.carpenter@oracle.com>
>> D'oh...  Applied, thanks for spotting that braino.
> On the other hand, it's easier to do it this way - the caller will free the damn thing
> on error, anyway:

What tree/branch is this happening in?

>
> diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
> index 11da1e2531c8..cf0c0380e5dd 100644
> --- a/security/smack/smack_lsm.c
> +++ b/security/smack/smack_lsm.c
> @@ -608,6 +608,7 @@ static int smack_add_opt(int token, const char *s, void **mnt_opts)
>  		opts = kzalloc(sizeof(struct smack_mnt_opts), GFP_KERNEL);
>  		if (!opts)
>  			return -ENOMEM;
> +		*mnt_opts = opts;
>  	}
>  	if (!s)
>  		return -ENOMEM;
> @@ -639,7 +640,6 @@ static int smack_add_opt(int token, const char *s, void **mnt_opts)
>  		opts->fstransmute = s;
>  		break;
>  	}
> -	*mnt_opts = opts;
>  	return 0;
>  
>  out_opt_err:
>

