summaryrefslogtreecommitdiffstats
path: root/net/xfrm
diff options
context:
space:
mode:
authorTrent Jaeger <tjaeger@cse.psu.edu>2006-01-06 22:22:39 +0100
committerDavid S. Miller <davem@davemloft.net>2006-01-06 22:22:39 +0100
commit5f8ac64b15172c7ced7d7990eb28342092bc751b (patch)
tree63046817c9a6e8db513379337f01289c045a5d63 /net/xfrm
parent[PKTGEN]: Adds missing __init. (diff)
downloadlinux-5f8ac64b15172c7ced7d7990eb28342092bc751b.tar.xz
linux-5f8ac64b15172c7ced7d7990eb28342092bc751b.zip
[LSM-IPSec]: Corrections to LSM-IPSec Nethooks
This patch contains two corrections to the LSM-IPsec Nethooks patches previously applied. (1) free a security context on a failed insert via xfrm_user interface in xfrm_add_policy. Memory leak. (2) change the authorization of the allocation of a security context in a xfrm_policy or xfrm_state from both relabelfrom and relabelto to setcontext. Signed-off-by: Trent Jaeger <tjaeger@cse.psu.edu> Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm')
-rw-r--r--net/xfrm/xfrm_user.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 92e2b804c606..ac87a09ba83e 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -802,6 +802,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
err = xfrm_policy_insert(p->dir, xp, excl);
if (err) {
+ security_xfrm_policy_free(xp);
kfree(xp);
return err;
}