[PATCH] SELinux: handle sel_make_bools() failure in selinuxfs
Davi Arnaut [Sun, 23 Oct 2005 19:57:16 +0000 (12:57 -0700)]
This patch fixes error handling in sel_make_bools(), where currently we'd
get a memory leak via security_get_bools() and try to kfree() the wrong
pointer if called again.

Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

security/selinux/selinuxfs.c

index 8eb140d..a45cc97 100644 (file)
@@ -879,7 +879,7 @@ static ssize_t sel_commit_bools_write(struct file *filep,
        if (sscanf(page, "%d", &new_value) != 1)
                goto out;
 
-       if (new_value) {
+       if (new_value && bool_pending_values) {
                security_set_bools(bool_num, bool_pending_values);
        }
 
@@ -952,6 +952,7 @@ static int sel_make_bools(void)
 
        /* remove any existing files */
        kfree(bool_pending_values);
+       bool_pending_values = NULL;
 
        sel_remove_bools(dir);
 
@@ -1002,6 +1003,7 @@ out:
        }
        return ret;
 err:
+       kfree(values);
        d_genocide(dir);
        ret = -ENOMEM;
        goto out;