summaryrefslogtreecommitdiffstats
path: root/net/xfrm
diff options
context:
space:
mode:
authorPaul Moore <paul.moore@hp.com>2007-08-01 17:12:59 +0200
committerJames Morris <jmorris@namei.org>2007-08-02 17:52:26 +0200
commite6e0871cce2ae04f5790543ad2f4ec36b23260ba (patch)
tree0af9d48482dbdb8b949fb673eb5bf48fd5611cc5 /net/xfrm
parentSELinux: remove redundant pointer checks before calling kfree() (diff)
downloadlinux-e6e0871cce2ae04f5790543ad2f4ec36b23260ba.tar.xz
linux-e6e0871cce2ae04f5790543ad2f4ec36b23260ba.zip
Net/Security: fix memory leaks from security_secid_to_secctx()
The security_secid_to_secctx() function returns memory that must be freed by a call to security_release_secctx() which was not always happening. This patch fixes two of these problems (all that I could find in the kernel source at present). Signed-off-by: Paul Moore <paul.moore@hp.com> Acked-by: Stephen Smalley <sds@tycho.nsa.gov> Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'net/xfrm')
-rw-r--r--net/xfrm/xfrm_policy.c5
1 files changed, 3 insertions, 2 deletions
diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c
index 95a47304336d..e5a3be03aa0d 100644
--- a/net/xfrm/xfrm_policy.c
+++ b/net/xfrm/xfrm_policy.c
@@ -2195,9 +2195,10 @@ void xfrm_audit_log(uid_t auid, u32 sid, int type, int result,
}
if (sid != 0 &&
- security_secid_to_secctx(sid, &secctx, &secctx_len) == 0)
+ security_secid_to_secctx(sid, &secctx, &secctx_len) == 0) {
audit_log_format(audit_buf, " subj=%s", secctx);
- else
+ security_release_secctx(secctx, secctx_len);
+ } else
audit_log_task_context(audit_buf);
if (xp) {