diff options
author | Trent Jaeger <tjaeger@cse.psu.edu> | 2006-01-06 22:22:39 +0100 |
---|---|---|
committer | David S. Miller <davem@davemloft.net> | 2006-01-06 22:22:39 +0100 |
commit | 5f8ac64b15172c7ced7d7990eb28342092bc751b (patch) | |
tree | 63046817c9a6e8db513379337f01289c045a5d63 /net/xfrm | |
parent | [PKTGEN]: Adds missing __init. (diff) | |
download | linux-5f8ac64b15172c7ced7d7990eb28342092bc751b.tar.xz linux-5f8ac64b15172c7ced7d7990eb28342092bc751b.zip |
[LSM-IPSec]: Corrections to LSM-IPSec Nethooks
This patch contains two corrections to the LSM-IPsec Nethooks patches
previously applied.
(1) free a security context on a failed insert via xfrm_user
interface in xfrm_add_policy. Memory leak.
(2) change the authorization of the allocation of a security context
in a xfrm_policy or xfrm_state from both relabelfrom and relabelto
to setcontext.
Signed-off-by: Trent Jaeger <tjaeger@cse.psu.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
Diffstat (limited to 'net/xfrm')
-rw-r--r-- | net/xfrm/xfrm_user.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 92e2b804c606..ac87a09ba83e 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -802,6 +802,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; err = xfrm_policy_insert(p->dir, xp, excl); if (err) { + security_xfrm_policy_free(xp); kfree(xp); return err; } |