diff options
author | Namhyung Kim <namhyung@kernel.org> | 2014-06-14 12:19:02 -0400 |
---|---|---|
committer | Paul Moore <pmoore@redhat.com> | 2014-06-19 14:56:59 -0400 |
commit | 6e51f9cbfa04a92b40e7f9c1e76c8ecbff534a22 (patch) | |
tree | 1fb97b53d5b40ceb9df33f43743ca232332d794f /security | |
parent | f004afe60db5b98f2b981978fde8a0d4c6298c5d (diff) |
selinux: fix a possible memory leak in cond_read_node()
The cond_read_node() should free the given node on error path as it's
not linked to p->cond_list yet. This is done via cond_node_destroy()
but it's not called when next_entry() fails before the expr loop.
Signed-off-by: Namhyung Kim <namhyung@kernel.org>
Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'security')
-rw-r--r-- | security/selinux/ss/conditional.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c index f09cc7268b65..62c6773be0b7 100644 --- a/security/selinux/ss/conditional.c +++ b/security/selinux/ss/conditional.c | |||
@@ -404,7 +404,7 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp) | |||
404 | 404 | ||
405 | rc = next_entry(buf, fp, sizeof(u32) * 2); | 405 | rc = next_entry(buf, fp, sizeof(u32) * 2); |
406 | if (rc) | 406 | if (rc) |
407 | return rc; | 407 | goto err; |
408 | 408 | ||
409 | node->cur_state = le32_to_cpu(buf[0]); | 409 | node->cur_state = le32_to_cpu(buf[0]); |
410 | 410 | ||