From: Paul Moore <paul.moore@hp.com>
To: Adrian Bunk <bunk@kernel.org>
Cc: James Morris <jmorris@namei.org>,
sds@tycho.nsa.gov, eparis@parisplace.org, netdev@vger.kernel.org,
linux-kernel@vger.kernel.org
Subject: Re: [2.6 patch] security/selinux/netlabel.c: fix double free
Date: Mon, 28 Jan 2008 17:23:46 -0500 [thread overview]
Message-ID: <200801281723.46273.paul.moore@hp.com> (raw)
In-Reply-To: <20080128220938.GH8767@does.not.exist>
On Monday 28 January 2008 5:09:38 pm Adrian Bunk wrote:
> This patch fixes a double free (security_netlbl_sid_to_secattr()
> already calls netlbl_secattr_destroy() when it returns !0) introduced
> by commit 45c950e0f839fded922ebc0bfd59b1081cc71b70 and spotted by the
> Coverity checker.
Hi Adrian,
Thanks for finding this mistake, however, I'd rather see it fixed by
removing the netlbl_secattr_destroy() call in
security_netlbl_sid_to_secattr() as it really shouldn't be there
anymore. We moved the matching _init() call into
selinux_netlbl_sock_setsid() and I'd like to see the _init() and
_destroy() calls done in the same function. I can push a revised patch
for this if you would prefer, otherwise I'll be happy to ack an updated
version ...
> Signed-off-by: Adrian Bunk <bunk@kernel.org>
>
> ---
> --- linux-2.6/security/selinux/netlabel.c.old 2008-01-23
> 00:38:19.000000000 +0200 +++
> linux-2.6/security/selinux/netlabel.c 2008-01-23 00:39:09.000000000
> +0200 @@ -58,22 +58,22 @@ static int selinux_netlbl_sock_setsid(st rc
> = security_netlbl_sid_to_secattr(sid, &secattr);
> if (rc != 0)
> goto sock_setsid_return;
> rc = netlbl_sock_setattr(sk, &secattr);
> if (rc == 0) {
> spin_lock_bh(&sksec->nlbl_lock);
> sksec->nlbl_state = NLBL_LABELED;
> spin_unlock_bh(&sksec->nlbl_lock);
> }
>
> -sock_setsid_return:
> netlbl_secattr_destroy(&secattr);
> +sock_setsid_return:
> return rc;
> }
>
> /**
> * selinux_netlbl_cache_invalidate - Invalidate the NetLabel cache
> *
> * Description:
> * Invalidate the NetLabel security attribute mapping cache.
> *
> */
--
paul moore
linux security @ hp
next prev parent reply other threads:[~2008-01-28 22:23 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-01-28 22:09 [2.6 patch] security/selinux/netlabel.c: fix double free Adrian Bunk
2008-01-28 22:23 ` Paul Moore [this message]
2008-01-28 22:35 ` Adrian Bunk
2008-01-28 22:39 ` Paul Moore
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=200801281723.46273.paul.moore@hp.com \
--to=paul.moore@hp.com \
--cc=bunk@kernel.org \
--cc=eparis@parisplace.org \
--cc=jmorris@namei.org \
--cc=linux-kernel@vger.kernel.org \
--cc=netdev@vger.kernel.org \
--cc=sds@tycho.nsa.gov \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).