SELinux: memory leak in security_context_to_sid_core
Fix a bug and a philosophical decision about who handles errors. security_context_to_sid_core() was leaking a context in the common case. This was causing problems on fedora systems which recently have started making extensive use of this function. In discussion it was decided that if string_to_context_struct() had an error it was its own responsibility to clean up any mess it created along the way. Signed-off-by: Eric Paris <eparis@redhat.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
Родитель
ec0c15afb4
Коммит
8e531af90f
|
@ -811,11 +811,12 @@ static int string_to_context_struct(struct policydb *pol,
|
||||||
/* Check the validity of the new context. */
|
/* Check the validity of the new context. */
|
||||||
if (!policydb_context_isvalid(pol, ctx)) {
|
if (!policydb_context_isvalid(pol, ctx)) {
|
||||||
rc = -EINVAL;
|
rc = -EINVAL;
|
||||||
context_destroy(ctx);
|
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
rc = 0;
|
rc = 0;
|
||||||
out:
|
out:
|
||||||
|
if (rc)
|
||||||
|
context_destroy(ctx);
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -868,8 +869,7 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
|
||||||
} else if (rc)
|
} else if (rc)
|
||||||
goto out;
|
goto out;
|
||||||
rc = sidtab_context_to_sid(&sidtab, &context, sid);
|
rc = sidtab_context_to_sid(&sidtab, &context, sid);
|
||||||
if (rc)
|
context_destroy(&context);
|
||||||
context_destroy(&context);
|
|
||||||
out:
|
out:
|
||||||
read_unlock(&policy_rwlock);
|
read_unlock(&policy_rwlock);
|
||||||
kfree(scontext2);
|
kfree(scontext2);
|
||||||
|
|
Загрузка…
Ссылка в новой задаче