Re: [PATCH 1/1] selinux: fix double free

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 


>> +++ b/security/selinux/ss/services.c
>> @@ -2888,8 +2888,12 @@ int security_get_bools(struct selinux_state *state,
>>         if (*names) {
>>                 for (i = 0; i < *len; i++)
>>                         kfree((*names)[i]);
>> +               kfree(names);
> kfree(*names)?

Yes.

> kfree(*values);
>> +       *len = 0;
>> +       *names = NULL;
>> +       *values = NULL;
>>         goto out;
>>  }
> Wondering if the caller handling ought to be changed too even though
> this should avoid the problem.
>
The poisoning of the returns avoids this.
[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux