Re: [PATCH 2/2] selinux: fix a possible memory leak in cond_read_node()

All of lore.kernel.org
 help / color / mirror / Atom feed

From: Paul Moore <paul@paul-moore.com>
To: Namhyung Kim <namhyung@kernel.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
	LKML <linux-kernel@vger.kernel.org>,
	selinux@tycho.nsa.gov
Subject: Re: [PATCH 2/2] selinux: fix a possible memory leak in cond_read_node()
Date: Wed, 18 Jun 2014 15:41:09 -0400	[thread overview]
Message-ID: <1561884.1cnB23BPDD@sifl> (raw)
In-Reply-To: <1402762742-2808-2-git-send-email-namhyung@kernel.org>

On Sunday, June 15, 2014 01:19:02 AM Namhyung Kim wrote:
> The cond_read_node() should free the given node on error path as it's
> not linked to p->cond_list yet.  This is done via cond_node_destroy()
> but it's not called when next_entry() fails before the expr loop.
> 
> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
> ---
>  security/selinux/ss/conditional.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Thanks, nice catch.  This patch looks good to me but it is dependent on patch 
1/2 which I commented on ... 

> diff --git a/security/selinux/ss/conditional.c
> b/security/selinux/ss/conditional.c index 4766a38fae9a..470d5cca8d14 100644
> --- a/security/selinux/ss/conditional.c
> +++ b/security/selinux/ss/conditional.c
> @@ -404,7 +404,7 @@ static int cond_read_node(struct policydb *p, struct
> cond_node *node, void *fp)
> 
>  	rc = next_entry(buf, fp, sizeof(buf));
>  	if (rc)
> -		return rc;
> +		goto err;
> 
>  	node->cur_state = le32_to_cpu(buf[0]);

-- 
paul moore
www.paul-moore.com

WARNING: multiple messages have this Message-ID (diff)

From: Paul Moore <paul@paul-moore.com>
To: Namhyung Kim <namhyung@kernel.org>
Cc: Stephen Smalley <sds@tycho.nsa.gov>,
	Eric Paris <eparis@parisplace.org>,
	selinux@tycho.nsa.gov, LKML <linux-kernel@vger.kernel.org>
Subject: Re: [PATCH 2/2] selinux: fix a possible memory leak in cond_read_node()
Date: Wed, 18 Jun 2014 15:41:09 -0400	[thread overview]
Message-ID: <1561884.1cnB23BPDD@sifl> (raw)
In-Reply-To: <1402762742-2808-2-git-send-email-namhyung@kernel.org>

On Sunday, June 15, 2014 01:19:02 AM Namhyung Kim wrote:
> The cond_read_node() should free the given node on error path as it's
> not linked to p->cond_list yet.  This is done via cond_node_destroy()
> but it's not called when next_entry() fails before the expr loop.
> 
> Signed-off-by: Namhyung Kim <namhyung@kernel.org>
> ---
>  security/selinux/ss/conditional.c | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Thanks, nice catch.  This patch looks good to me but it is dependent on patch 
1/2 which I commented on ... 

> diff --git a/security/selinux/ss/conditional.c
> b/security/selinux/ss/conditional.c index 4766a38fae9a..470d5cca8d14 100644
> --- a/security/selinux/ss/conditional.c
> +++ b/security/selinux/ss/conditional.c
> @@ -404,7 +404,7 @@ static int cond_read_node(struct policydb *p, struct
> cond_node *node, void *fp)
> 
>  	rc = next_entry(buf, fp, sizeof(buf));
>  	if (rc)
> -		return rc;
> +		goto err;
> 
>  	node->cur_state = le32_to_cpu(buf[0]);

-- 
paul moore
www.paul-moore.com

next prev parent reply	other threads:[~2014-06-18 19:41 UTC|newest]

Thread overview: 14+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2014-06-14 16:19 [PATCH 1/2] selinux: simple cleanup for cond_read_node() Namhyung Kim
2014-06-14 16:19 ` Namhyung Kim
2014-06-14 16:19 ` [PATCH 2/2] selinux: fix a possible memory leak in cond_read_node() Namhyung Kim
2014-06-14 16:19   ` Namhyung Kim
2014-06-18 19:41   ` Paul Moore [this message]
2014-06-18 19:41     ` Paul Moore
2014-06-18 19:36 ` [PATCH 1/2] selinux: simple cleanup for cond_read_node() Paul Moore
2014-06-18 19:36   ` Paul Moore
2014-06-18 23:58   ` Namhyung Kim
2014-06-18 23:58     ` Namhyung Kim
2014-06-19 18:59     ` Paul Moore
2014-06-19 18:59       ` Paul Moore
2014-06-19 12:03   ` Stephen Smalley
2014-06-19 12:03     ` Stephen Smalley

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=1561884.1cnB23BPDD@sifl \
    --to=paul@paul-moore.com \
    --cc=linux-kernel@vger.kernel.org \
    --cc=namhyung@kernel.org \
    --cc=sds@tycho.nsa.gov \
    --cc=selinux@tycho.nsa.gov \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.