[PATCH] SELinux: handle sel_make_bools() failure in selinuxfs

This patch fixes error handling in sel_make_bools(), where currently we'd get a memory leak via security_get_bools() and try to kfree() the wrong pointer if called again. Signed-off-by: James Morris <jmorris@namei.org> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: Andrew Morton <akpm@osdl.org> Signed-off-by: Linus Torvalds <torvalds@osdl.org>
author: Davi Arnaut <davi.arnaut@gmail.com> 2005-10-23 15:57:16 -0400
committer: Linus Torvalds <torvalds@g5.osdl.org> 2005-10-23 19:38:39 -0400
commit: 20c19e4179884d7e843314071e2dfb1ea7b0afcd (patch)
tree: 1ed0cc19c51b10336c14a1b9c35095ef8ebfd138 /security
parent: 282c1f5eba150d0b156ffa9e6b064f1d92f8315f (diff)
1 files changed, 3 insertions, 1 deletions
diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 8eb140dd2e4b..a45cc971e735 100644
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -879,7 +879,7 @@ static ssize_t sel_commit_bools_write(struct file *filep,
        if (sscanf(page, "%d", &new_value) != 1)
                goto out;
-        if (new_value) {
+        if (new_value && bool_pending_values) {
                security_set_bools(bool_num, bool_pending_values);
        }
@@ -952,6 +952,7 @@ static int sel_make_bools(void)
        /* remove any existing files */
        kfree(bool_pending_values);
+        bool_pending_values = NULL;
        sel_remove_bools(dir);
@@ -1002,6 +1003,7 @@ out:
        }
        return ret;
 err:
+        kfree(values);
        d_genocide(dir);
        ret = -ENOMEM;
        goto out;
author	Davi Arnaut <davi.arnaut@gmail.com>	2005-10-23 15:57:16 -0400
committer	Linus Torvalds <torvalds@g5.osdl.org>	2005-10-23 19:38:39 -0400
commit	20c19e4179884d7e843314071e2dfb1ea7b0afcd (patch)
tree	1ed0cc19c51b10336c14a1b9c35095ef8ebfd138 /security
parent	282c1f5eba150d0b156ffa9e6b064f1d92f8315f (diff)