From: Paul Moore <paul.moore@hp.com>
To: Adrian Bunk <bunk@kernel.org>
Cc: James Morris <jmorris@namei.org>,
sds@tycho.nsa.gov, eparis@parisplace.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [2.6 patch] security/selinux/netlabel.c: fix double free
Date: Mon, 28 Jan 2008 17:23:46 -0500 [thread overview]
Message-ID: <200801281723.46273.paul.moore@hp.com> (raw)
In-Reply-To: <20080128220938.GH8767@does.not.exist>
On Monday 28 January 2008 5:09:38 pm Adrian Bunk wrote:
> This patch fixes a double free (security_netlbl_sid_to_secattr()
> already calls netlbl_secattr_destroy() when it returns !0) introduced
> by commit 45c950e0f839fded922ebc0bfd59b1081cc71b70 and spotted by the
> Coverity checker.
Hi Adrian,
Thanks for finding this mistake, however, I'd rather see it fixed by
removing the netlbl_secattr_destroy() call in
security_netlbl_sid_to_secattr() as it really shouldn't be there
anymore. We moved the matching _init() call into
selinux_netlbl_sock_setsid() and I'd like to see the _init() and
_destroy() calls done in the same function. I can push a revised patch
for this if you would prefer, otherwise I'll be happy to ack an updated
version ...
> Signed-off-by: Adrian Bunk <bunk@kernel.org>
>
> ---
> --- linux-2.6/security/selinux/netlabel.c.old 2008-01-23
> 00:38:19.000000000 +0200 +++
> linux-2.6/security/selinux/netlabel.c 2008-01-23 00:39:09.000000000
> +0200 @@ -58,22 +58,22 @@ static int selinux_netlbl_sock_setsid(st rc
> = security_netlbl_sid_to_secattr(sid, &secattr);
> if (rc != 0)
> goto sock_setsid_return;
> rc = netlbl_sock_setattr(sk, &secattr);
> if (rc == 0) {
> spin_lock_bh(&sksec->nlbl_lock);
> sksec->nlbl_state = NLBL_LABELED;
> spin_unlock_bh(&sksec->nlbl_lock);
> }
>
> -sock_setsid_return:
> netlbl_secattr_destroy(&secattr);
> +sock_setsid_return:
> return rc;
> }
>
> /**
> * selinux_netlbl_cache_invalidate - Invalidate the NetLabel cache
> *
> * Description:
> * Invalidate the NetLabel security attribute mapping cache.
> *
> */
--
paul moore
linux security @ hp
next prev parent reply other threads:[~2008-01-28 22:24 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-28 22:09 [2.6 patch] security/selinux/netlabel.c: fix double free Adrian Bunk
2008-01-28 22:23 ` Paul Moore [this message]
2008-01-28 22:35 ` Adrian Bunk
2008-01-28 22:39 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200801281723.46273.paul.moore@hp.com \
--to=paul.moore@hp.com \
--cc=bunk@kernel.org \
--cc=eparis@parisplace.org \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.