summaryrefslogtreecommitdiffstats
path: root/kernel/nsproxy.c
diff options
context:
space:
mode:
authorDavid Howells <dhowells@redhat.com>2010-04-20 23:41:18 +0200
committerJames Morris <jmorris@namei.org>2010-04-21 01:20:35 +0200
commiteff30363c0b8b057f773108589bfd8881659fe74 (patch)
tree6ae631c2fa01174a24da347b68fc25f0c350bc2b /kernel/nsproxy.c
parentMerge branch 'for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jac... (diff)
downloadlinux-eff30363c0b8b057f773108589bfd8881659fe74.tar.xz
linux-eff30363c0b8b057f773108589bfd8881659fe74.zip
CRED: Fix double free in prepare_usermodehelper_creds() error handling
Patch 570b8fb505896e007fd3bb07573ba6640e51851d: Author: Mathieu Desnoyers <mathieu.desnoyers@efficios.com> Date: Tue Mar 30 00:04:00 2010 +0100 Subject: CRED: Fix memory leak in error handling attempts to fix a memory leak in the error handling by making the offending return statement into a jump down to the bottom of the function where a kfree(tgcred) is inserted. This is, however, incorrect, as it does a kfree() after doing put_cred() if security_prepare_creds() fails. That will result in a double free if 'error' is jumped to as put_cred() will also attempt to free the new tgcred record by virtue of it being pointed to by the new cred record. Signed-off-by: David Howells <dhowells@redhat.com> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'kernel/nsproxy.c')
0 files changed, 0 insertions, 0 deletions