From: Tomasz Stanislawski <t.stanislaws@samsung.com>
To: undisclosed-recipients:;
Cc: linux-security-module@vger.kernel.org, m.szyprowski@samsung.com,
kyungmin.park@samsung.com, r.krypa@samsung.com,
linux-kernel@vger.kernel.org, casey@schaufler-ca.com
Subject: [PATCH] security: smack: fix memleak in smk_write_rules_list()
Date: Wed, 19 Jun 2013 16:08:44 +0200 [thread overview]
Message-ID: <51C1BB6C.8010105@samsung.com> (raw)
In-Reply-To: <1371137352-31273-1-git-send-email-t.stanislaws@samsung.com>
>From 8497987bedf8821db3dce47a6205dfce2b0895c5 Mon Sep 17 00:00:00 2001
From: Tomasz Stanislawski <t.stanislaws@samsung.com>
Date: Thu, 6 Jun 2013 09:30:50 +0200
Subject: [PATCH] security: smack: fix memleak in smk_write_rules_list()
The smack_parsed_rule structure is allocated. If a rule is successfully
installed then the last reference to the object is lost. This patch fixes this
leak. Moreover smack_parsed_rule is allocated on stack because it no longer
needed ofter smk_write_rules_list() is finished.
Signed-off-by: Tomasz Stanislawski <t.stanislaws@samsung.com>
---
security/smack/smackfs.c | 30 ++++++++++--------------------
1 file changed, 10 insertions(+), 20 deletions(-)
diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c
index 53a08b8..08aebc2 100644
--- a/security/smack/smackfs.c
+++ b/security/smack/smackfs.c
@@ -446,7 +446,7 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
struct mutex *rule_lock, int format)
{
struct smack_known *skp;
- struct smack_parsed_rule *rule;
+ struct smack_parsed_rule rule;
char *data;
int datalen;
int rc = -EINVAL;
@@ -478,49 +478,39 @@ static ssize_t smk_write_rules_list(struct file *file, const char __user *buf,
goto out;
}
- rule = kzalloc(sizeof(*rule), GFP_KERNEL);
- if (rule == NULL) {
- rc = -ENOMEM;
- goto out;
- }
-
if (format == SMK_LONG_FMT) {
/*
* Be sure the data string is terminated.
*/
data[count] = '\0';
- if (smk_parse_long_rule(data, rule, 1, 0))
- goto out_free_rule;
+ if (smk_parse_long_rule(data, &rule, 1, 0))
+ goto out;
} else if (format == SMK_CHANGE_FMT) {
data[count] = '\0';
- if (smk_parse_long_rule(data, rule, 1, 1))
- goto out_free_rule;
+ if (smk_parse_long_rule(data, &rule, 1, 1))
+ goto out;
} else {
/*
* More on the minor hack for backward compatibility
*/
if (count == (SMK_OLOADLEN))
data[SMK_OLOADLEN] = '-';
- if (smk_parse_rule(data, rule, 1))
- goto out_free_rule;
+ if (smk_parse_rule(data, &rule, 1))
+ goto out;
}
if (rule_list == NULL) {
load = 1;
- skp = smk_find_entry(rule->smk_subject);
+ skp = smk_find_entry(rule.smk_subject);
rule_list = &skp->smk_rules;
rule_lock = &skp->smk_rules_lock;
}
- rc = smk_set_access(rule, rule_list, rule_lock, load);
- if (rc == 0) {
+ rc = smk_set_access(&rule, rule_list, rule_lock, load);
+ if (rc == 0)
rc = count;
- goto out;
- }
-out_free_rule:
- kfree(rule);
out:
kfree(data);
return rc;
--
1.7.9.5
next prev parent reply other threads:[~2013-06-19 14:08 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2013-06-13 15:29 [RFC 0/5] Optimizations for memory handling in smk_write_rules_list() Tomasz Stanislawski
2013-06-13 15:29 ` [RFC 1/5] security: smack: avoid kmalloc allocations while loading a rule string Tomasz Stanislawski
2013-06-15 19:32 ` Casey Schaufler
2013-06-17 11:24 ` Tomasz Stanislawski
2013-06-17 22:38 ` Casey Schaufler
2013-06-13 15:29 ` [RFC 2/5] security: smack: avoid kmalloc() in smk_parse_long_rule() Tomasz Stanislawski
2013-06-15 19:41 ` Casey Schaufler
2013-06-13 15:29 ` [RFC 3/5] security: smack: fix memleak in smk_write_rules_list() Tomasz Stanislawski
2013-06-15 19:54 ` Casey Schaufler
2013-06-13 15:29 ` [RFC 4/5] security: smack: add kmem_cache for smack_rule allocations Tomasz Stanislawski
2013-06-15 20:00 ` Casey Schaufler
2013-06-13 15:29 ` [RFC 5/5] security: smack: add kmem_cache for smack_master_list allocations Tomasz Stanislawski
2013-06-15 20:08 ` Casey Schaufler
2013-06-19 14:08 ` Tomasz Stanislawski [this message]
2013-06-28 19:33 ` [PATCH] security: smack: fix memleak in smk_write_rules_list() Casey Schaufler
2013-08-01 20:01 ` Casey Schaufler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=51C1BB6C.8010105@samsung.com \
--to=t.stanislaws@samsung.com \
--cc=casey@schaufler-ca.com \
--cc=kyungmin.park@samsung.com \
--cc=linux-kernel@vger.kernel.org \
--cc=linux-security-module@vger.kernel.org \
--cc=m.szyprowski@samsung.com \
--cc=r.krypa@samsung.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.