1 files changed, 3 insertions, 2 deletions

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 195906bce266..1e8cfc4c2ed6 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -1285,6 +1285,8 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
                 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
                                            context, len);
                 if (rc == -ERANGE) {
+                        kfree(context);
+
                         /* Need a larger buffer.  Query for the right size. */
                         rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
                                                    NULL, 0);
@@ -1292,7 +1294,6 @@ static int inode_doinit_with_dentry(struct inode *inode, struct dentry *opt_dent
                                 dput(dentry);
                                 goto out_unlock;
                         }
-                        kfree(context);
                         len = rc;
                         context = kmalloc(len+1, GFP_NOFS);
                         if (!context) {
@@ -4495,7 +4496,7 @@ static unsigned int selinux_ip_postroute(struct sk_buff *skb, int ifindex,
          * when the packet is on it's final way out.
          * NOTE: there appear to be some IPv6 multicast cases where skb->dst
          *       is NULL, in this case go ahead and apply access control. */
-        if (skb->dst != NULL && skb->dst->xfrm != NULL)
+        if (skb_dst(skb) != NULL && skb_dst(skb)->xfrm != NULL)
                 return NF_ACCEPT;
 #endif
         secmark_active = selinux_secmark_enabled();