summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Carpenter <error27@gmail.com>2010-03-13 12:14:22 +0100
committerJames Morris <jmorris@namei.org>2010-03-14 21:51:29 +0100
commit181427a7e01beab76c789414334375839f026128 (patch)
tree3a50a93331b536b80d9c393a034489c9678d8a13
parentMerge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/ker... (diff)
downloadlinux-181427a7e01beab76c789414334375839f026128.tar.xz
linux-181427a7e01beab76c789414334375839f026128.zip
tomoyo: fix potential use after free
The original code returns a freed pointer. This function is expected to return NULL on errors. Signed-off-by: Dan Carpenter <error27@gmail.com> Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--security/tomoyo/common.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index ff51f1026b57..ef89947a774b 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -886,6 +886,7 @@ static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
ptr = kmalloc(sizeof(*ptr), GFP_KERNEL);
if (!tomoyo_memory_ok(ptr)) {
kfree(ptr);
+ ptr = NULL;
goto ok;
}
for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++)