path: root/patches.tizen/1050-security-smack-fix-memleak-in-smk_write_rules_list.patch
blob: da4906be5f501b3bbd325e638264aff95c8851fa (plain)
From 2ee409b5009476618833fd7dccb3ee382bfaaa9c Mon Sep 17 00:00:00 2001
From: Tomasz Stanislawski <t.stanislaws@samsung.com>
Date: Thu, 6 Jun 2013 09:30:50 +0200
Subject: [PATCH 1050/1302] security: smack: fix memleak in
 smk_write_rules_list()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The smack_parsed_rule structure is allocated.  If a rule is successfully
installed then the last reference to the object is lost.  This patch fixes this
leak. Moreover smack_parsed_rule is allocated on stack because it is no longer
needed after smk_write_rules_list() is finished.

Change-Id: I5b4dcadc6a9d675ab630b23c00edeaf595b5b857
Signed-off-by: Tomasz Stanislawski <t.stanislaws@samsung.com>
Signed-off-by: Łukasz Stelmach <l.stelmach@samsung.com>
Signed-off-by: MyungJoo Ham <myungjoo.ham@samsung.com>
---
 security/smack/smackfs.c | 33 +++++++++++----------------------
 1 file changed, 11 insertions(+), 22 deletions(-)

diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index ab16703..269b270 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -447,7 +447,7 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
 					struct list_head *rule_list,
 					struct mutex *rule_lock, int format)
 {
-	struct smack_parsed_rule *rule;
+	struct smack_parsed_rule rule;
 	char *data;
 	int datalen;
 	int rc = -EINVAL;
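Review bot: The new on-stack `rule` is left uninitialised, whereas the `kzalloc()` removed in the next hunk handed the parsers a zeroed structure. Every field that `smk_set_access()` reads must now be written by `smk_parse_rule()` or `smk_parse_long_rule()` on their success paths; those helpers are not visible in this patch, so that is an assumption to confirm. Declaring it as `struct smack_parsed_rule rule = { };` keeps the previous zeroed starting state at negligible cost and keeps stale kernel stack contents out of an access rule if a parser ever skips a field. The function body begins before and continues after this hunk.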
@@ -479,47 +479,36 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
 		goto out;
 	}
 
-	rule = kzalloc(sizeof(*rule), GFP_KERNEL);
-	if (rule == NULL) {
-		rc = -ENOMEM;
-		goto out;
-	}
-
 	if (format == SMK_LONG_FMT) {
 		/*
 		 * Be sure the data string is terminated.
 		 */
 		data[count] = '\0';
-		if (smk_parse_long_rule(data, rule, 1, 0))
-			goto out_free_rule;
+		if (smk_parse_long_rule(data, &rule, 1, 0))
+			goto out;
 	} else if (format == SMK_CHANGE_FMT) {
 		data[count] = '\0';
-		if (smk_parse_long_rule(data, rule, 1, 1))
-			goto out_free_rule;
+		if (smk_parse_long_rule(data, &rule, 1, 1))
+			goto out;
 	} else {
 		/*
 		 * More on the minor hack for backward compatibility
 		 */
 		if (count == (SMK_OLOADLEN))
 			data[SMK_OLOADLEN] = '-';
-		if (smk_parse_rule(data, rule, 1))
-			goto out_free_rule;
+		if (smk_parse_rule(data, &rule, 1))
+			goto out;
 	}
 
 	if (rule_list == NULL) {
 		load = 1;
-		rule_list = &rule->smk_subject->smk_rules;
-		rule_lock = &rule->smk_subject->smk_rules_lock;
+		rule_list = &rule.smk_subject->smk_rules;
+		rule_lock = &rule.smk_subject->smk_rules_lock;
 	}
 
-	rc = smk_set_access(rule, rule_list, rule_lock, load);
-	if (rc == 0) {
+	rc = smk_set_access(&rule, rule_list, rule_lock, load);
+	if (rc == 0)
 		rc = count;
-		goto out;
-	}
-
-out_free_rule:
-	kfree(rule);
 out:
 	kfree(data);
 	return rc;
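Review bot: At the `smk_set_access(&rule, rule_list, rule_lock, load)` call the first argument now points into this stack frame, so the change is only safe if the callee copies the parsed values into its own list entry and never stores the pointer. The commit message implies that, but `smk_set_access()` is not shown here. A short comment at the call would pin the contract for later edits, for example `/* rule is on the stack: smk_set_access() must copy it, never keep the pointer */`. The function begins before this hunk.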
-- 
1.8.3.2