Fix a bug and a philosophical decision about who handles errors.
security_context_to_sid_core() was leaking a context in the common case.
This was causing problems on fedora systems which recently have started
making extensive use of this function.
In discussion it was decided that if string_to_context_struct() had an
error it was its own responsibility to clean up any mess it created
along the way. Remember that it is perfectly safe to call
context_destroy() on the same context twice and so this will not
introduce any double frees or cause issues with the other change.
Signed-off-by: Eric Paris <eparis@xxxxxxxxxx>
---
Note that the last version was safe, didn't break anything, and fixed
the problem. This one is just cleaner and makes the choice to not force
callers to handle errors.
security/selinux/ss/services.c | 6 +++---
1 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index b52f923..736a066 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -811,11 +811,12 @@ static int string_to_context_struct(struct policydb *pol,
/* Check the validity of the new context. */
if (!policydb_context_isvalid(pol, ctx)) {
rc = -EINVAL;
- context_destroy(ctx);
goto out;
}
rc = 0;
out:
+ if (rc)
+ context_destroy(ctx);
return rc;
}
@@ -868,10 +869,9 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
} else if (rc)
goto out;
rc = sidtab_context_to_sid(&sidtab, &context, sid);
- if (rc)
- context_destroy(&context);
out:
read_unlock(&policy_rwlock);
+ context_destroy(&context);
kfree(scontext2);
kfree(str);
return rc;
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
