diff options
author | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-08-02 11:14:54 -0700 |
---|---|---|
committer | Linus Torvalds <torvalds@woody.linux-foundation.org> | 2007-08-02 11:14:54 -0700 |
commit | 160d6aaf60d75b71a48223b5bdc29285e18cff07 (patch) | |
tree | 62b9b82059dc3fd8353f9daf7f83da4293f7a493 | |
parent | 22f675f320f721e9eaa2bbf7b883316b408c6c8f (diff) | |
parent | e6e0871cce2ae04f5790543ad2f4ec36b23260ba (diff) | |
download | kernel_samsung_smdk4412-160d6aaf60d75b71a48223b5bdc29285e18cff07.zip kernel_samsung_smdk4412-160d6aaf60d75b71a48223b5bdc29285e18cff07.tar.gz kernel_samsung_smdk4412-160d6aaf60d75b71a48223b5bdc29285e18cff07.tar.bz2 |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
Net/Security: fix memory leaks from security_secid_to_secctx()
SELinux: remove redundant pointer checks before calling kfree()
SELinux: restore proper NetLabel caching behavior
-rw-r--r-- | include/net/netlabel.h | 2 | ||||
-rw-r--r-- | net/netlabel/netlabel_user.c | 4 | ||||
-rw-r--r-- | net/xfrm/xfrm_policy.c | 5 | ||||
-rw-r--r-- | security/selinux/hooks.c | 3 | ||||
-rw-r--r-- | security/selinux/netlabel.c | 16 |
5 files changed, 21 insertions, 9 deletions
diff --git a/include/net/netlabel.h b/include/net/netlabel.h index ffbc7f2..2e5b2f6 100644 --- a/include/net/netlabel.h +++ b/include/net/netlabel.h @@ -132,6 +132,8 @@ struct netlbl_lsm_secattr_catmap { #define NETLBL_SECATTR_CACHE 0x00000002 #define NETLBL_SECATTR_MLS_LVL 0x00000004 #define NETLBL_SECATTR_MLS_CAT 0x00000008 +#define NETLBL_SECATTR_CACHEABLE (NETLBL_SECATTR_MLS_LVL | \ + NETLBL_SECATTR_MLS_CAT) struct netlbl_lsm_secattr { u32 flags; diff --git a/net/netlabel/netlabel_user.c b/net/netlabel/netlabel_user.c index 89dcc48..85a96a3 100644 --- a/net/netlabel/netlabel_user.c +++ b/net/netlabel/netlabel_user.c @@ -113,8 +113,10 @@ struct audit_buffer *netlbl_audit_start_common(int type, if (audit_info->secid != 0 && security_secid_to_secctx(audit_info->secid, &secctx, - &secctx_len) == 0) + &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); + security_release_secctx(secctx, secctx_len); + } return audit_buf; } diff --git a/net/xfrm/xfrm_policy.c b/net/xfrm/xfrm_policy.c index 95a4730..e5a3be0 100644 --- a/net/xfrm/xfrm_policy.c +++ b/net/xfrm/xfrm_policy.c @@ -2195,9 +2195,10 @@ void xfrm_audit_log(uid_t auid, u32 sid, int type, int result, } if (sid != 0 && - security_secid_to_secctx(sid, &secctx, &secctx_len) == 0) + security_secid_to_secctx(sid, &secctx, &secctx_len) == 0) { audit_log_format(audit_buf, " subj=%s", secctx); - else + security_release_secctx(secctx, secctx_len); + } else audit_log_task_context(audit_buf); if (xp) { diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 0fac682..6237933 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4658,8 +4658,7 @@ static int selinux_secid_to_secctx(u32 secid, char **secdata, u32 *seclen) static void selinux_release_secctx(char *secdata, u32 seclen) { - if (secdata) - kfree(secdata); + kfree(secdata); } #ifdef CONFIG_KEYS diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index 051b14c..d243ddc 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -162,9 +162,13 @@ int selinux_netlbl_skbuff_getsid(struct sk_buff *skb, u32 base_sid, u32 *sid) netlbl_secattr_init(&secattr); rc = netlbl_skbuff_getattr(skb, &secattr); - if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) + if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) { rc = security_netlbl_secattr_to_sid(&secattr, base_sid, sid); - else + if (rc == 0 && + (secattr.flags & NETLBL_SECATTR_CACHEABLE) && + (secattr.flags & NETLBL_SECATTR_CACHE)) + netlbl_cache_add(skb, &secattr); + } else *sid = SECSID_NULL; netlbl_secattr_destroy(&secattr); @@ -307,11 +311,15 @@ int selinux_netlbl_sock_rcv_skb(struct sk_security_struct *sksec, netlbl_secattr_init(&secattr); rc = netlbl_skbuff_getattr(skb, &secattr); - if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) + if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) { rc = security_netlbl_secattr_to_sid(&secattr, SECINITSID_NETMSG, &nlbl_sid); - else + if (rc == 0 && + (secattr.flags & NETLBL_SECATTR_CACHEABLE) && + (secattr.flags & NETLBL_SECATTR_CACHE)) + netlbl_cache_add(skb, &secattr); + } else nlbl_sid = SECINITSID_UNLABELED; netlbl_secattr_destroy(&secattr); if (rc != 0) |