tomoyo: fix potential use after free
Dan Carpenter [Sat, 13 Mar 2010 11:14:22 +0000 (14:14 +0300)]
The original code returns a freed pointer.  This function is expected to
return NULL on errors.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>

security/tomoyo/common.c

index ff51f10..ef89947 100644 (file)
@@ -886,6 +886,7 @@ static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
        ptr = kmalloc(sizeof(*ptr), GFP_KERNEL);
        if (!tomoyo_memory_ok(ptr)) {
                kfree(ptr);
+               ptr = NULL;
                goto ok;
        }
        for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++)