The security_secid_to_secctx() function returns memory that must be freed
by a call to security_release_secctx() which was not always happening. This
patch fixes two of these problems (all that I could find in the kernel source
at present).
Signed-off-by: Paul Moore <[EMAIL PROTECTED]>
---
net/netlabel/netlabel_user.c | 4 +++-
net/xfrm/xfrm_policy.c | 5 +++--
2 files changed, 6 insertions(+), 3 deletions(-)
Index: linux-2.6_secctx-leaks/net/netlabel/netlabel_user.c
===================================================================
--- linux-2.6_secctx-leaks.orig/net/netlabel/netlabel_user.c
+++ linux-2.6_secctx-leaks/net/netlabel/netlabel_user.c
@@ -113,8 +113,10 @@ struct audit_buffer *netlbl_audit_start_
if (audit_info->secid != 0 &&
security_secid_to_secctx(audit_info->secid,
&secctx,
- &secctx_len) == 0)
+ &secctx_len) == 0) {
audit_log_format(audit_buf, " subj=%s", secctx);
+ security_release_secctx(secctx, secctx_len);
+ }
return audit_buf;
}
Index: linux-2.6_secctx-leaks/net/xfrm/xfrm_policy.c
===================================================================
--- linux-2.6_secctx-leaks.orig/net/xfrm/xfrm_policy.c
+++ linux-2.6_secctx-leaks/net/xfrm/xfrm_policy.c
@@ -2195,9 +2195,10 @@ void xfrm_audit_log(uid_t auid, u32 sid,
}
if (sid != 0 &&
- security_secid_to_secctx(sid, &secctx, &secctx_len) == 0)
+ security_secid_to_secctx(sid, &secctx, &secctx_len) == 0) {
audit_log_format(audit_buf, " subj=%s", secctx);
- else
+ security_release_secctx(secctx, secctx_len);
+ } else
audit_log_task_context(audit_buf);
if (xp) {
--
paul moore
linux security @ hp
-
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to [EMAIL PROTECTED]
More majordomo info at http://vger.kernel.org/majordomo-info.html
