forked from Minki/linux
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6: Net/Security: fix memory leaks from security_secid_to_secctx() SELinux: remove redundant pointer checks before calling kfree() SELinux: restore proper NetLabel caching behavior
This commit is contained in:
commit
160d6aaf60
@ -132,6 +132,8 @@ struct netlbl_lsm_secattr_catmap {
|
||||
#define NETLBL_SECATTR_CACHE 0x00000002
|
||||
#define NETLBL_SECATTR_MLS_LVL 0x00000004
|
||||
#define NETLBL_SECATTR_MLS_CAT 0x00000008
|
||||
#define NETLBL_SECATTR_CACHEABLE (NETLBL_SECATTR_MLS_LVL | \
|
||||
NETLBL_SECATTR_MLS_CAT)
|
||||
struct netlbl_lsm_secattr {
|
||||
u32 flags;
|
||||
|
||||
|
@ -113,8 +113,10 @@ struct audit_buffer *netlbl_audit_start_common(int type,
|
||||
if (audit_info->secid != 0 &&
|
||||
security_secid_to_secctx(audit_info->secid,
|
||||
&secctx,
|
||||
&secctx_len) == 0)
|
||||
&secctx_len) == 0) {
|
||||
audit_log_format(audit_buf, " subj=%s", secctx);
|
||||
security_release_secctx(secctx, secctx_len);
|
||||
}
|
||||
|
||||
return audit_buf;
|
||||
}
|
||||
|
@ -2195,9 +2195,10 @@ void xfrm_audit_log(uid_t auid, u32 sid, int type, int result,
|
||||
}
|
||||
|
||||
if (sid != 0 &&
|
||||
security_secid_to_secctx(sid, &secctx, &secctx_len) == 0)
|
||||
security_secid_to_secctx(sid, &secctx, &secctx_len) == 0) {
|
||||
audit_log_format(audit_buf, " subj=%s", secctx);
|
||||
else
|
||||
security_release_secctx(secctx, secctx_len);
|
||||
} else
|
||||
audit_log_task_context(audit_buf);
|
||||
|
||||
if (xp) {
|
||||
|
@ -4658,8 +4658,7 @@ static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen)
|
||||
|
||||
static void selinux_release_secctx(char *secdata, u32 seclen)
|
||||
{
|
||||
if (secdata)
|
||||
kfree(secdata);
|
||||
kfree(secdata);
|
||||
}
|
||||
|
||||
#ifdef CONFIG_KEYS
|
||||
|
@ -162,9 +162,13 @@ int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid)
|
||||
|
||||
netlbl_secattr_init(&secattr);
|
||||
rc = netlbl_skbuff_getattr(skb, &secattr);
|
||||
if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE)
|
||||
if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) {
|
||||
rc = security_netlbl_secattr_to_sid(&secattr, base_sid, sid);
|
||||
else
|
||||
if (rc == 0 &&
|
||||
(secattr.flags & NETLBL_SECATTR_CACHEABLE) &&
|
||||
(secattr.flags & NETLBL_SECATTR_CACHE))
|
||||
netlbl_cache_add(skb, &secattr);
|
||||
} else
|
||||
*sid = SECSID_NULL;
|
||||
netlbl_secattr_destroy(&secattr);
|
||||
|
||||
@ -307,11 +311,15 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec,
|
||||
|
||||
netlbl_secattr_init(&secattr);
|
||||
rc = netlbl_skbuff_getattr(skb, &secattr);
|
||||
if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE)
|
||||
if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) {
|
||||
rc = security_netlbl_secattr_to_sid(&secattr,
|
||||
SECINITSID_NETMSG,
|
||||
&nlbl_sid);
|
||||
else
|
||||
if (rc == 0 &&
|
||||
(secattr.flags & NETLBL_SECATTR_CACHEABLE) &&
|
||||
(secattr.flags & NETLBL_SECATTR_CACHE))
|
||||
netlbl_cache_add(skb, &secattr);
|
||||
} else
|
||||
nlbl_sid = SECINITSID_UNLABELED;
|
||||
netlbl_secattr_destroy(&secattr);
|
||||
if (rc != 0)
|
||||
|
Loading…
Reference in New Issue
Block a user