From 246c3fb16b08193837a8009ff15ef6908534ba71 Mon Sep 17 00:00:00 2001 From: "wzt.wzt@gmail.com" Date: Wed, 10 Nov 2010 11:31:55 +0800 Subject: APPARMOR: Fix memory leak of alloc_namespace() policy->name is a substring of policy->hname, if prefix is not NULL, it will allocted strlen(prefix) + strlen(name) + 3 bytes to policy->hname in policy_init(). use kzfree(ns->base.name) will casue memory leak if alloc_namespace() failed. Signed-off-by: Zhitong Wang Signed-off-by: John Johansen Signed-off-by: James Morris --- security/apparmor/policy.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c index 52cc865f1464..4f0eadee78b8 100644 --- a/security/apparmor/policy.c +++ b/security/apparmor/policy.c @@ -306,7 +306,7 @@ static struct aa_namespace *alloc_namespace(const char *prefix, return ns; fail_unconfined: - kzfree(ns->base.name); + kzfree(ns->base.hname); fail_ns: kzfree(ns); return NULL; -- cgit v1.2.2 From a26d279ea87e9fef2cf8a44b371e48e6091975a6 Mon Sep 17 00:00:00 2001 From: "wzt.wzt@gmail.com" Date: Wed, 10 Nov 2010 16:05:15 +0800 Subject: APPARMOR: Fix memory leak of apparmor_init() set_init_cxt() allocted sizeof(struct aa_task_cxt) bytes for cxt, if register_security() failed, it will cause memory leak. Signed-off-by: Zhitong Wang Signed-off-by: John Johansen Signed-off-by: James Morris --- security/apparmor/lsm.c | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/security/apparmor/lsm.c b/security/apparmor/lsm.c index cf1de4462ccd..b7106f192b75 100644 --- a/security/apparmor/lsm.c +++ b/security/apparmor/lsm.c @@ -922,7 +922,7 @@ static int __init apparmor_init(void) error = register_security(&apparmor_ops); if (error) { AA_ERROR("Unable to register AppArmor\n"); - goto register_security_out; + goto set_init_cxt_out; } /* Report that AppArmor successfully initialized */ @@ -936,6 +936,9 @@ static int __init apparmor_init(void) return error; +set_init_cxt_out: + aa_free_task_context(current->real_cred->security); + register_security_out: aa_free_root_ns(); @@ -944,7 +947,6 @@ alloc_out: apparmor_enabled = 0; return error; - } security_initcall(apparmor_init); -- cgit v1.2.2