Re: [PATCH 1/1] selinux: fix double free

From: Tom Rix
Date: Wed Jun 10 2020 - 16:00:44 EST




>> +++ b/security/selinux/ss/services.c
>> @@ -2888,8 +2888,12 @@ int security_get_bools(struct selinux_state *state,
>> if (*names) {
>> for (i = 0; i < *len; i++)
>> kfree((*names)[i]);
>> + kfree(names);
> kfree(*names)?

Yes.

> kfree(*values);
>> + *len = 0;
>> + *names = NULL;
>> + *values = NULL;
>> goto out;
>> }
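Review bot: The added `kfree(names);` right after the loop frees the pointer argument itself rather than the array whose elements the loop has just released via `(*names)[i]`; it should be `kfree(*names);`. As posted, the later `*names = NULL;` drops the only reference to that array, so it is leaked, and `names` is passed to kfree() even though nothing in the visible lines shows this function allocating it. With that fixed, a one-line comment above the `*len = 0; *names = NULL; *values = NULL;` resets would help, stating that the outputs are cleared so a caller's cleanup path cannot free them a second time.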
> Wondering if the caller handling ought to be changed too even though
> this should avoid the problem.
>
The poisoning of the returns avoids this.