summaryrefslogtreecommitdiffstats
path: root/security/apparmor
diff options
context:
space:
mode:
authorLinus Torvalds <torvalds@linux-foundation.org>2019-03-13 19:07:36 +0100
committerLinus Torvalds <torvalds@linux-foundation.org>2019-03-13 19:07:36 +0100
commit8636b1dbce854363cd98922b3e4b49a603c4d5fd (patch)
tree5e5ea62866a58d613842a488db56e792b6fad33b /security/apparmor
parentMerge tag 'kconfig-v5.1' of git://git.kernel.org/pub/scm/linux/kernel/git/mas... (diff)
parentapparmor: fix double free when unpack of secmark rules fails (diff)
downloadlinux-8636b1dbce854363cd98922b3e4b49a603c4d5fd.tar.xz
linux-8636b1dbce854363cd98922b3e4b49a603c4d5fd.zip
Merge tag 'apparmor-pr-2019-03-12' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor
Pull apparmor fixes from John Johansen: - fix double when failing to unpack secmark rules in policy - fix leak of dentry when profile is removed * tag 'apparmor-pr-2019-03-12' of git://git.kernel.org/pub/scm/linux/kernel/git/jj/linux-apparmor: apparmor: fix double free when unpack of secmark rules fails apparmor: delete the dentry in aafs_remove() to avoid a leak apparmor: Fix warning about unused function apparmor_ipv6_postroute
Diffstat (limited to 'security/apparmor')
-rw-r--r--security/apparmor/apparmorfs.c1
-rw-r--r--security/apparmor/policy_unpack.c1
2 files changed, 2 insertions, 0 deletions
diff --git a/security/apparmor/apparmorfs.c b/security/apparmor/apparmorfs.c
index 3f80a684c232..fefee040bf79 100644
--- a/security/apparmor/apparmorfs.c
+++ b/security/apparmor/apparmorfs.c
@@ -356,6 +356,7 @@ static void aafs_remove(struct dentry *dentry)
simple_rmdir(dir, dentry);
else
simple_unlink(dir, dentry);
+ d_delete(dentry);
dput(dentry);
}
inode_unlock(dir);
diff --git a/security/apparmor/policy_unpack.c b/security/apparmor/policy_unpack.c
index 379682e2a8d5..f6c2bcb2ab14 100644
--- a/security/apparmor/policy_unpack.c
+++ b/security/apparmor/policy_unpack.c
@@ -579,6 +579,7 @@ fail:
kfree(profile->secmark[i].label);
kfree(profile->secmark);
profile->secmark_count = 0;
+ profile->secmark = NULL;
}
e->pos = pos;