diff options
author | Chad Sellers <csellers@tresys.com> | 2006-10-06 16:09:52 -0400 |
---|---|---|
committer | David S. Miller <davem@sunset.davemloft.net> | 2006-10-12 02:59:41 -0400 |
commit | 6e8c751e07b34d73069e9333f67fbe5ffe31ec3a (patch) | |
tree | 6fe661be57040eebd237c5bed86e5eb76910639e /security | |
parent | 3bccfbc7a7ba4085817deae6e7c67daf0cbd045a (diff) |
SELinux: Bug fix in polidydb_destroy
This patch fixes two bugs in policydb_destroy. Two list pointers
(policydb.ocontexts[i] and policydb.genfs) were not being reset to NULL when
the lists they pointed to were being freed. This caused a problem when the
initial policy load failed, as the policydb being destroyed was not a
temporary new policydb that was thrown away, but rather was the global
(active) policydb. Consequently, later functions, particularly
sys_bind->selinux_socket_bind->security_node_sid and
do_rw_proc->selinux_sysctl->selinux_proc_get_sid->security_genfs_sid tried
to dereference memory that had previously been freed.
Signed-off-by: Chad Sellers <csellers@tresys.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/ss/policydb.c | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index b18895302555..ba48961f9d05 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c | |||
@@ -618,6 +618,7 @@ void policydb_destroy(struct policydb *p) | |||
618 | c = c->next; | 618 | c = c->next; |
619 | ocontext_destroy(ctmp,i); | 619 | ocontext_destroy(ctmp,i); |
620 | } | 620 | } |
621 | p->ocontexts[i] = NULL; | ||
621 | } | 622 | } |
622 | 623 | ||
623 | g = p->genfs; | 624 | g = p->genfs; |
@@ -633,6 +634,7 @@ void policydb_destroy(struct policydb *p) | |||
633 | g = g->next; | 634 | g = g->next; |
634 | kfree(gtmp); | 635 | kfree(gtmp); |
635 | } | 636 | } |
637 | p->genfs = NULL; | ||
636 | 638 | ||
637 | cond_policydb_destroy(p); | 639 | cond_policydb_destroy(p); |
638 | 640 | ||