aboutsummaryrefslogtreecommitdiffstats
path: root/security/selinux
diff options
context:
space:
mode:
authorChad Sellers <csellers@tresys.com>2006-10-06 16:09:52 -0400
committerDavid S. Miller <davem@sunset.davemloft.net>2006-10-12 02:59:41 -0400
commit6e8c751e07b34d73069e9333f67fbe5ffe31ec3a (patch)
tree6fe661be57040eebd237c5bed86e5eb76910639e /security/selinux
parent3bccfbc7a7ba4085817deae6e7c67daf0cbd045a (diff)
SELinux: Bug fix in polidydb_destroy
This patch fixes two bugs in policydb_destroy. Two list pointers (policydb.ocontexts[i] and policydb.genfs) were not being reset to NULL when the lists they pointed to were being freed. This caused a problem when the initial policy load failed, as the policydb being destroyed was not a temporary new policydb that was thrown away, but rather was the global (active) policydb. Consequently, later functions, particularly sys_bind->selinux_socket_bind->security_node_sid and do_rw_proc->selinux_sysctl->selinux_proc_get_sid->security_genfs_sid tried to dereference memory that had previously been freed. Signed-off-by: Chad Sellers <csellers@tresys.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/selinux')
-rw-r--r--security/selinux/ss/policydb.c2
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index b18895302555..ba48961f9d05 100644
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -618,6 +618,7 @@ void policydb_destroy(struct policydb *p)
618 c = c->next; 618 c = c->next;
619 ocontext_destroy(ctmp,i); 619 ocontext_destroy(ctmp,i);
620 } 620 }
621 p->ocontexts[i] = NULL;
621 } 622 }
622 623
623 g = p->genfs; 624 g = p->genfs;
@@ -633,6 +634,7 @@ void policydb_destroy(struct policydb *p)
633 g = g->next; 634 g = g->next;
634 kfree(gtmp); 635 kfree(gtmp);
635 } 636 }
637 p->genfs = NULL;
636 638
637 cond_policydb_destroy(p); 639 cond_policydb_destroy(p);
638 640