* [PATCH 0/2] Small memory-leak patchset
From: Paul Moore @ 2007-08-01 15:12 UTC (permalink / raw)
To: netdev, selinux
While doing some other work I found some small memory leaks with the way
we are using security_secid_to_secctx() in some of the auditing code paths.
We also had a redundant NULL pointer check in the SELinux function which frees
the leaked memory. This patchset fixes both of these issues.
This patchset is backed against Linus' tree from this morning and has been
lightly tested.
--
paul moore
linux security @ hp
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
* [PATCH 1/2] SELinux: remove redundant pointer checks before calling kfree()
From: Paul Moore @ 2007-08-01 15:12 UTC (permalink / raw)
To: netdev, selinux; +Cc: Paul Moore
We don't need to check for NULL pointers before calling kfree().
Signed-off-by: Paul Moore <paul.moore@hp.com>
---
security/selinux/hooks.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
Index: linux-2.6_secctx-leaks/security/selinux/hooks.c
===================================================================
--- linux-2.6_secctx-leaks.orig/security/selinux/hooks.c
+++ linux-2.6_secctx-leaks/security/selinux/hooks.c
@@ -4658,8 +4658,7 @@ static int selinux_secid_to_secctx(u32 s
static void selinux_release_secctx(char *secdata, u32 seclen)
{
- if (secdata)
- kfree(secdata);
+ kfree(secdata);
}
#ifdef CONFIG_KEYS
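Review bot: the commit message should say why the guard in selinux_release_secctx() is redundant, namely that kfree() is a no-op when passed NULL, so a caller handing in a NULL secdata is still safe once `if (secdata)` is gone. The subject also says "checks" while the diffstat shows a single check removed in hooks.c; the singular would match the change.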
--
paul moore
linux security @ hp
* [PATCH 2/2] NET: fix memory leaks from security_secid_to_secctx()
From: Paul Moore @ 2007-08-01 15:12 UTC (permalink / raw)
To: netdev, selinux; +Cc: Paul Moore
The security_secid_to_secctx() function returns memory that must be freed
by a call to security_release_secctx() which was not always happening. This
patch fixes two of these problems (all that I could find in the kernel source
at present).
Signed-off-by: Paul Moore <paul.moore@hp.com>
---
net/netlabel/netlabel_user.c | 4 +++-
net/xfrm/xfrm_policy.c | 5 +++--
2 files changed, 6 insertions(+), 3 deletions(-)
Index: linux-2.6_secctx-leaks/net/netlabel/netlabel_user.c
===================================================================
--- linux-2.6_secctx-leaks.orig/net/netlabel/netlabel_user.c
+++ linux-2.6_secctx-leaks/net/netlabel/netlabel_user.c
@@ -113,8 +113,10 @@ struct audit_buffer *netlbl_audit_start_
if (audit_info->secid != 0 &&
security_secid_to_secctx(audit_info->secid,
&secctx,
- &secctx_len) == 0)
+ &secctx_len) == 0) {
audit_log_format(audit_buf, " subj=%s", secctx);
+ security_release_secctx(secctx, secctx_len);
+ }
return audit_buf;
}
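Review bot: the convert, log, release sequence added here in netlbl_audit_start_ is the same three steps the xfrm_audit_log hunk adds, so a small shared helper taking the audit buffer and the secid would keep security_release_secctx() paired with security_secid_to_secctx() in one place and make it harder for the next audit caller to reintroduce the leak. The placement itself looks right: the release follows the last use of secctx in audit_log_format() and is only reached when the conversion returned 0.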
Index: linux-2.6_secctx-leaks/net/xfrm/xfrm_policy.c
===================================================================
--- linux-2.6_secctx-leaks.orig/net/xfrm/xfrm_policy.c
+++ linux-2.6_secctx-leaks/net/xfrm/xfrm_policy.c
@@ -2195,9 +2195,10 @@ void xfrm_audit_log(uid_t auid, u32 sid,
}
if (sid != 0 &&
- security_secid_to_secctx(sid, &secctx, &secctx_len) == 0)
+ security_secid_to_secctx(sid, &secctx, &secctx_len) == 0) {
audit_log_format(audit_buf, " subj=%s", secctx);
- else
+ security_release_secctx(secctx, secctx_len);
+ } else
audit_log_task_context(audit_buf);
if (xp) {
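Review bot: style point on the `} else` line in xfrm_audit_log: the if branch is now braced while the else branch calling audit_log_task_context(audit_buf) is not, and kernel coding style asks for braces on both branches once one of them needs them. Suggest `} else {` with a closing brace after the audit_log_task_context() call.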
--
paul moore
linux security @ hp
* Re: [PATCH 2/2] NET: fix memory leaks from security_secid_to_secctx()
From: James Morris @ 2007-08-02 0:05 UTC (permalink / raw)
To: Paul Moore; +Cc: netdev, selinux
Both patches applied to:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-akpm
--
James Morris
<jmorris@namei.org>