Thanks for the report. (Cc'd to the SELinux list).
On Mon, 10 Aug 2009, iceberg wrote:
> KERNEL_VERSION: 2.6.30.4
> SUBJECT: in function inode_doinit_with_dentry memory is not released
> on error path (if rc<0).
> DESCRIBE:
> In ./security/selinux/hooks.c in function inode_doinit_with_dentry:
> 1. If in the line 1278 we successfully allocate memory and assign it to
> context variablehen
> 2. if in the line 1284 getxattr returns -ERANGE and
> 3. if in the line 1288 getxattr returns rc<0
> then we go to out_unlock without releasing memory pointed to by context
> variable.
>
> 1278 context = kmalloc(len, GFP_NOFS);
> 1279 if (!context) {
> 1280 rc = -ENOMEM;
> 1281 dput(dentry);
> 1282 goto out_unlock;
> 1283 }
> 1284 rc = inode->i_op->getxattr(dentry, XATTR_NAME_SELINUX,
> 1285 context, len);
> 1286 if (rc == -ERANGE) {
> 1287 /* Need a larger buffer. Query for the
> right size. */
> 1288 rc = inode->i_op->getxattr(dentry,
> XATTR_NAME_SELINUX,
> 1289 NULL, 0);
> 1290 if (rc < 0) {
> 1291 dput(dentry);
> 1292 goto out_unlock;
> 1293 }
> 1294 kfree(context);
> 1295 len = rc;
> 1296 context = kmalloc(len, GFP_NOFS);
>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.tux.org/lkml/
>
--
James Morris
<jmorris@xxxxxxxxx>
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.
