From: Davi Arnaut <davi.arnaut@gmail.com>
Date: Sun, 23 Oct 2005 19:57:16 +0000 (-0700)
Subject: [PATCH] SELinux: handle sel_make_bools() failure in selinuxfs
X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=20c19e4179884d7e843314071e2dfb1ea7b0afcd;p=linux.git

[PATCH] SELinux: handle sel_make_bools() failure in selinuxfs

This patch fixes error handling in sel_make_bools(), where currently we'd
get a memory leak via security_get_bools() and try to kfree() the wrong
pointer if called again.

Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>
---

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 8eb140dd2e4b3..a45cc971e7358 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -879,7 +879,7 @@ static ssize_t sel_commit_bools_write(struct file *filep,
 	if (sscanf(page, "%d", &new_value) != 1)
 		goto out;
 
-	if (new_value) {
+	if (new_value && bool_pending_values) {
 		security_set_bools(bool_num, bool_pending_values);
 	}
 
@@ -952,6 +952,7 @@ static int sel_make_bools(void)
 
 	/* remove any existing files */
 	kfree(bool_pending_values);
+	bool_pending_values = NULL;
 
 	sel_remove_bools(dir);
 
@@ -1002,6 +1003,7 @@ out:
 	}
 	return ret;
 err:
+	kfree(values);
 	d_genocide(dir);
 	ret = -ENOMEM;
 	goto out;