aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorAl Viro <viro@zeniv.linux.org.uk>2012-10-16 13:30:07 -0400
committerAl Viro <viro@zeniv.linux.org.uk>2012-10-16 13:36:50 -0400
commit45525b26a46cd593cb72070304c4cd7c8391bd37 (patch)
tree9064f045ef433e4d74d281daa995ee3c082e806e /security
parentdd8e8c4a2c902d8350b702e7bc7c2799e5e7e331 (diff)
fix a leak in replace_fd() users
replace_fd() began with "eats a reference, tries to insert into descriptor table" semantics; at some point I'd switched it to much saner current behaviour ("try to insert into descriptor table, grabbing a new reference if inserted; caller should do fput() in any case"), but forgot to update the callers. Mea culpa... [Spotted by Pavel Roskin, who has really weird system with pipe-fed coredumps as part of what he considers a normal boot ;-)] Signed-off-by: Al Viro <viro@zeniv.linux.org.uk>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/hooks.c18
1 files changed, 7 insertions, 11 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 24ab4148547c..61a53367d029 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -2132,18 +2132,14 @@ static inline void flush_unauthorized_files(const struct cred *cred,
2132 return; 2132 return;
2133 2133
2134 devnull = dentry_open(&selinux_null, O_RDWR, cred); 2134 devnull = dentry_open(&selinux_null, O_RDWR, cred);
2135 if (!IS_ERR(devnull)) { 2135 if (IS_ERR(devnull))
2136 /* replace all the matching ones with this */ 2136 devnull = NULL;
2137 do { 2137 /* replace all the matching ones with this */
2138 replace_fd(n - 1, get_file(devnull), 0); 2138 do {
2139 } while ((n = iterate_fd(files, n, match_file, cred)) != 0); 2139 replace_fd(n - 1, devnull, 0);
2140 } while ((n = iterate_fd(files, n, match_file, cred)) != 0);
2141 if (devnull)
2140 fput(devnull); 2142 fput(devnull);
2141 } else {
2142 /* just close all the matching ones */
2143 do {
2144 replace_fd(n - 1, NULL, 0);
2145 } while ((n = iterate_fd(files, n, match_file, cred)) != 0);
2146 }
2147} 2143}
2148 2144
2149/* 2145/*