aboutsummaryrefslogtreecommitdiffstats
path: root/security
diff options
context:
space:
mode:
authorNamhyung Kim <namhyung@kernel.org>2014-06-14 12:19:02 -0400
committerPaul Moore <pmoore@redhat.com>2014-06-19 14:56:59 -0400
commit6e51f9cbfa04a92b40e7f9c1e76c8ecbff534a22 (patch)
tree1fb97b53d5b40ceb9df33f43743ca232332d794f /security
parentf004afe60db5b98f2b981978fde8a0d4c6298c5d (diff)
selinux: fix a possible memory leak in cond_read_node()
The cond_read_node() should free the given node on error path as it's not linked to p->cond_list yet. This is done via cond_node_destroy() but it's not called when next_entry() fails before the expr loop. Signed-off-by: Namhyung Kim <namhyung@kernel.org> Signed-off-by: Paul Moore <pmoore@redhat.com>
Diffstat (limited to 'security')
-rw-r--r--security/selinux/ss/conditional.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index f09cc7268b65..62c6773be0b7 100644
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -404,7 +404,7 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
404 404
405 rc = next_entry(buf, fp, sizeof(u32) * 2); 405 rc = next_entry(buf, fp, sizeof(u32) * 2);
406 if (rc) 406 if (rc)
407 return rc; 407 goto err;
408 408
409 node->cur_state = le32_to_cpu(buf[0]); 409 node->cur_state = le32_to_cpu(buf[0]);
410 410