On Sunday, June 15, 2014 01:19:02 AM Namhyung Kim wrote: > The cond_read_node() should free the given node on error path as it's > not linked to p->cond_list yet. This is done via cond_node_destroy() > but it's not called when next_entry() fails before the expr loop. > > Signed-off-by: Namhyung Kim <namhyung@xxxxxxxxxx> > --- > security/selinux/ss/conditional.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Thanks, nice catch. This patch looks good to me but it is dependent on patch 1/2 which I commented on ... > diff --git a/security/selinux/ss/conditional.c > b/security/selinux/ss/conditional.c index 4766a38fae9a..470d5cca8d14 100644 > --- a/security/selinux/ss/conditional.c > +++ b/security/selinux/ss/conditional.c > @@ -404,7 +404,7 @@ static int cond_read_node(struct policydb *p, struct > cond_node *node, void *fp) > > rc = next_entry(buf, fp, sizeof(buf)); > if (rc) > - return rc; > + goto err; > > node->cur_state = le32_to_cpu(buf[0]); -- paul moore www.paul-moore.com _______________________________________________ Selinux mailing list Selinux@xxxxxxxxxxxxx To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx. To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
