diff options
author | Dan Carpenter <error27@gmail.com> | 2010-03-13 12:14:22 +0100 |
---|---|---|
committer | James Morris <jmorris@namei.org> | 2010-03-14 21:51:29 +0100 |
commit | 181427a7e01beab76c789414334375839f026128 (patch) | |
tree | 3a50a93331b536b80d9c393a034489c9678d8a13 | |
parent | Merge branch 'core-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/ker... (diff) | |
download | linux-181427a7e01beab76c789414334375839f026128.tar.xz linux-181427a7e01beab76c789414334375839f026128.zip |
tomoyo: fix potential use after free
The original code returns a freed pointer. This function is expected to
return NULL on errors.
Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r-- | security/tomoyo/common.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index ff51f1026b57..ef89947a774b 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -886,6 +886,7 @@ static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned ptr = kmalloc(sizeof(*ptr), GFP_KERNEL); if (!tomoyo_memory_ok(ptr)) { kfree(ptr); + ptr = NULL; goto ok; } for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++) |