LKML Archive on lore.kernel.org
* [PATCH] SELinux: Fix double free in selinux_netlbl_sock_setsid()
From: Paul Moore @ 2008-01-29  2:20 UTC
  To: linux-kernel; +Cc: netdev, selinux, stable, bunk, jmorris

As pointed out by Adrian Bunk, commit 45c950e0f839fded922ebc0bfd59b1081cc71b70
caused a double-free when security_netlbl_sid_to_secattr() fails.  This patch
fixes this by removing the netlbl_secattr_destroy() call from that function
since we are already releasing the secattr memory in
selinux_netlbl_sock_setsid().

Signed-off-by: Paul Moore <paul.moore@hp.com>
---

 security/selinux/ss/services.c |    1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 4bf715d..3a16aba 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2629,7 +2629,6 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
 
 netlbl_sid_to_secattr_failure:
 	POLICY_RDUNLOCK;
-	netlbl_secattr_destroy(secattr);
 	return rc;
 }
 #endif /* CONFIG_NETLABEL */
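
Review bot: with the netlbl_secattr_destroy(secattr) call dropped from the netlbl_sid_to_secattr_failure label, security_netlbl_sid_to_secattr() now returns on error with secattr possibly partly filled in and leaves all cleanup to the caller, but nothing in the hunk documents that contract. Please state it in the function's comment (for example "on failure the caller must call netlbl_secattr_destroy()") and confirm in the changelog that every caller, not only selinux_netlbl_sock_setsid(), destroys secattr on its error path; otherwise the double free turns into a leak for those callers.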



* Re: [PATCH] SELinux: Fix double free in selinux_netlbl_sock_setsid()
From: David Miller @ 2008-01-29  3:51 UTC
  To: paul.moore; +Cc: linux-kernel, netdev, selinux, stable, bunk, jmorris

From: Paul Moore <paul.moore@hp.com>
Date: Mon, 28 Jan 2008 21:20:26 -0500

> As pointed out by Adrian Bunk, commit 45c950e0f839fded922ebc0bfd59b1081cc71b70
> caused a double-free when security_netlbl_sid_to_secattr() fails.  This patch
> fixes this by removing the netlbl_secattr_destroy() call from that function
> since we are already releasing the secattr memory in
> selinux_netlbl_sock_setsid().
> 
> Signed-off-by: Paul Moore <paul.moore@hp.com>

Applied, and I'll queue this up for -stable too.

Please, when mentioning specific commits please also provide
the changelog headline along with the SHA1 hash.

The reason is that when this fix is moved over to another
tree where the SHA1 of the causing change is different people
studying your fix won't be able to find it without more stable
contextual information.

Thanks.


* Re: [PATCH] SELinux: Fix double free in selinux_netlbl_sock_setsid()
From: Paul Moore @ 2008-01-29 17:13 UTC
  To: David Miller; +Cc: linux-kernel, netdev, selinux, bunk, jmorris

On Monday 28 January 2008 10:51:24 pm David Miller wrote:
> From: Paul Moore <paul.moore@hp.com>
> Date: Mon, 28 Jan 2008 21:20:26 -0500
>
> > As pointed out by Adrian Bunk, commit
> > 45c950e0f839fded922ebc0bfd59b1081cc71b70 caused a double-free when
> > security_netlbl_sid_to_secattr() fails.  This patch fixes this by
> > removing the netlbl_secattr_destroy() call from that function since we
> > are already releasing the secattr memory in
> > selinux_netlbl_sock_setsid().
> >
> > Signed-off-by: Paul Moore <paul.moore@hp.com>
>
> Applied, and I'll queue this up for -stable too.

Thanks.  Sorry for not catching this in the first place.

> Please, when mentioning specific commits please also provide
> the changelog headline along with the SHA1 hash.
>
> The reason is that when this fix is moved over to another
> tree where the SHA1 of the causing change is different people
> studying your fix won't be able to find it without more stable
> contextual information.

Noted, I'll make sure to include the patch description in the future.  I 
wasn't aware that the hash took into account anything other than the 
individual commit it represented.  However, now that I think about it, since 
order is so critical it only makes sense to have the hash take into account 
at least the previous commit.

-- 
paul moore
linux security @ hp
