* [PATCH 0/2] Small memory-leak patchset
From: Paul Moore @ 2007-08-01 15:12 UTC
To: netdev, selinux
While doing some other work I found some small memory leaks with the way
we are using security_secid_to_secctx() in some of the auditing code paths.
We also had a redundant NULL pointer check in the SELinux function which frees
the leaked memory. This patchset fixes both of these issues.
This patchset is backed against Linus' tree from this morning and has been
lightly tested.
--
paul moore
linux security @ hp
* [PATCH 1/2] SELinux: remove redundant pointer checks before calling kfree()
From: Paul Moore @ 2007-08-01 15:12 UTC
To: netdev, selinux; +Cc: Paul Moore
[-- Attachment #1: selinux-kfree_check --]
[-- Type: text/plain, Size: 678 bytes --]
We don't need to check for NULL pointers before calling kfree().
Signed-off-by: Paul Moore <paul.moore@hp.com>
---
security/selinux/hooks.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
Index: linux-2.6_secctx-leaks/security/selinux/hooks.c
===================================================================
--- linux-2.6_secctx-leaks.orig/security/selinux/hooks.c
+++ linux-2.6_secctx-leaks/security/selinux/hooks.c
@@ -4658,8 +4658,7 @@ static int selinux_secid_to_secctx(u32 s
static void selinux_release_secctx(char *secdata, u32 seclen)
{
- if (secdata)
- kfree(secdata);
+ kfree(secdata);
}
#ifdef CONFIG_KEYS
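Review bot: the subject says "pointer checks" (plural) but this hunk removes a single check, in selinux_release_secctx(), and the diffstat shows only 1 insertion and 2 deletions; make the subject singular or fold any other sites into the same patch. The change itself is behaviour-preserving because kfree() is a no-op when passed NULL, and the changelog would be stronger if it said so explicitly. The seclen parameter is unused in the body both before and after; if the hook signature requires it, that is fine as is.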
--
paul moore
linux security @ hp
* [PATCH 2/2] NET: fix memory leaks from security_secid_to_secctx()
From: Paul Moore @ 2007-08-01 15:12 UTC
To: netdev, selinux; +Cc: Paul Moore
[-- Attachment #1: network-audit_ctx_leaks --]
[-- Type: text/plain, Size: 1670 bytes --]
The security_secid_to_secctx() function returns memory that must be freed
by a call to security_release_secctx() which was not always happening. This
patch fixes two of these problems (all that I could find in the kernel source
at present).
Signed-off-by: Paul Moore <paul.moore@hp.com>
---
net/netlabel/netlabel_user.c | 4 +++-
net/xfrm/xfrm_policy.c | 5 +++--
2 files changed, 6 insertions(+), 3 deletions(-)
Index: linux-2.6_secctx-leaks/net/netlabel/netlabel_user.c
===================================================================
--- linux-2.6_secctx-leaks.orig/net/netlabel/netlabel_user.c
+++ linux-2.6_secctx-leaks/net/netlabel/netlabel_user.c
@@ -113,8 +113,10 @@ struct audit_buffer *netlbl_audit_start_
if (audit_info->secid != 0 &&
security_secid_to_secctx(audit_info->secid,
&secctx,
- &secctx_len) == 0)
+ &secctx_len) == 0) {
audit_log_format(audit_buf, " subj=%s", secctx);
+ security_release_secctx(secctx, secctx_len);
+ }
return audit_buf;
}
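Review bot: in the netlabel_user.c hunk, a failed security_secid_to_secctx() for a non-zero secid still returns audit_buf with no subj= field and no indication that the lookup failed. The xfrm_audit_log() path in this same patch falls back to audit_log_task_context() in that case; consider doing something comparable here, or say in the changelog that omitting the subject is intended. The placement of security_release_secctx(secctx, secctx_len) inside the success branch is right, since secctx is only known to be valid when the conversion returned 0, and it comes after the last use in audit_log_format().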
Index: linux-2.6_secctx-leaks/net/xfrm/xfrm_policy.c
===================================================================
--- linux-2.6_secctx-leaks.orig/net/xfrm/xfrm_policy.c
+++ linux-2.6_secctx-leaks/net/xfrm/xfrm_policy.c
@@ -2195,9 +2195,10 @@ void xfrm_audit_log(uid_t auid, u32 sid,
}
if (sid != 0 &&
- security_secid_to_secctx(sid, &secctx, &secctx_len) == 0)
+ security_secid_to_secctx(sid, &secctx, &secctx_len) == 0) {
audit_log_format(audit_buf, " subj=%s", secctx);
- else
+ security_release_secctx(secctx, secctx_len);
+ } else
audit_log_task_context(audit_buf);
if (xp) {
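Review bot: the `} else` in xfrm_audit_log() leaves the else branch unbraced while the if branch now carries braces; kernel coding style asks for braces on both branches once one of them needs them, so this should read `} else {` with `audit_log_task_context(audit_buf);` and a closing `}`. The release call is correctly ordered after audit_log_format() and is skipped on the else path, where secctx was never filled in.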
--
paul moore
linux security @ hp
* Re: [PATCH 2/2] NET: fix memory leaks from security_secid_to_secctx()
From: James Morris @ 2007-08-02 0:05 UTC
To: Paul Moore; +Cc: netdev, selinux
Both patches applied to:
git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6.git#for-akpm
--
James Morris
<jmorris@namei.org>