diff options
| author | Trent Jaeger <tjaeger@cse.psu.edu> | 2006-01-06 16:22:39 -0500 |
|---|---|---|
| committer | David S. Miller <davem@davemloft.net> | 2006-01-06 16:22:39 -0500 |
| commit | 5f8ac64b15172c7ced7d7990eb28342092bc751b (patch) | |
| tree | 63046817c9a6e8db513379337f01289c045a5d63 /net/xfrm/xfrm_user.c | |
| parent | 69549ddd2f894c4cead50ee2b60cc02990c389ad (diff) | |
[LSM-IPSec]: Corrections to LSM-IPSec Nethooks
This patch contains two corrections to the LSM-IPsec Nethooks patches
previously applied.
(1) free a security context on a failed insert via xfrm_user
interface in xfrm_add_policy. Memory leak.
(2) change the authorization of the allocation of a security context
in a xfrm_policy or xfrm_state from both relabelfrom and relabelto
to setcontext.
Signed-off-by: Trent Jaeger <tjaeger@cse.psu.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm/xfrm_user.c')
| -rw-r--r-- | net/xfrm/xfrm_user.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 92e2b804c606..ac87a09ba83e 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c | |||
| @@ -802,6 +802,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr | |||
| 802 | excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; | 802 | excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; |
| 803 | err = xfrm_policy_insert(p->dir, xp, excl); | 803 | err = xfrm_policy_insert(p->dir, xp, excl); |
| 804 | if (err) { | 804 | if (err) { |
| 805 | security_xfrm_policy_free(xp); | ||
| 805 | kfree(xp); | 806 | kfree(xp); |
| 806 | return err; | 807 | return err; |
| 807 | } | 808 | } |