tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6

* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/selinux-2.6:
Net/Security: fix memory leaks from security_secid_to_secctx()
SELinux: remove redundant pointer checks before calling kfree()
SELinux: restore proper NetLabel caching behavior

Linus Torvalds 160d6aaf 22f675f3

+21 -9
+2
include/net/netlabel.h
··· 132 132 #define NETLBL_SECATTR_CACHE 0x00000002 133 133 #define NETLBL_SECATTR_MLS_LVL 0x00000004 134 134 #define NETLBL_SECATTR_MLS_CAT 0x00000008 135 + #define NETLBL_SECATTR_CACHEABLE (NETLBL_SECATTR_MLS_LVL | \ 136 + NETLBL_SECATTR_MLS_CAT) 135 137 struct netlbl_lsm_secattr { 136 138 u32 flags; 137 139
+3 -1
net/netlabel/netlabel_user.c
··· 113 113 if (audit_info->secid != 0 && 114 114 security_secid_to_secctx(audit_info->secid, 115 115 &secctx, 116 - &secctx_len) == 0) 116 + &secctx_len) == 0) { 117 117 audit_log_format(audit_buf, " subj=%s", secctx); 118 + security_release_secctx(secctx, secctx_len); 119 + } 118 120 119 121 return audit_buf; 120 122 }
+3 -2
net/xfrm/xfrm_policy.c
··· 2195 2195 } 2196 2196 2197 2197 if (sid != 0 && 2198 - security_secid_to_secctx(sid, &secctx, &secctx_len) == 0) 2198 + security_secid_to_secctx(sid, &secctx, &secctx_len) == 0) { 2199 2199 audit_log_format(audit_buf, " subj=%s", secctx); 2200 - else 2200 + security_release_secctx(secctx, secctx_len); 2201 + } else 2201 2202 audit_log_task_context(audit_buf); 2202 2203 2203 2204 if (xp) {
+1 -2
security/selinux/hooks.c
··· 4658 4658 4659 4659 static void selinux_release_secctx(char *secdata, u32 seclen) 4660 4660 { 4661 - if (secdata) 4662 - kfree(secdata); 4661 + kfree(secdata); 4663 4662 } 4664 4663 4665 4664 #ifdef CONFIG_KEYS
+12 -4
security/selinux/netlabel.c
··· 162 162 163 163 netlbl_secattr_init(&secattr); 164 164 rc = netlbl_skbuff_getattr(skb, &secattr); 165 - if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) 165 + if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) { 166 166 rc = security_netlbl_secattr_to_sid(&secattr, base_sid, sid); 167 - else 167 + if (rc == 0 && 168 + (secattr.flags & NETLBL_SECATTR_CACHEABLE) && 169 + (secattr.flags & NETLBL_SECATTR_CACHE)) 170 + netlbl_cache_add(skb, &secattr); 171 + } else 168 172 *sid = SECSID_NULL; 169 173 netlbl_secattr_destroy(&secattr); 170 174 ··· 311 307 312 308 netlbl_secattr_init(&secattr); 313 309 rc = netlbl_skbuff_getattr(skb, &secattr); 314 - if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) 310 + if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) { 315 311 rc = security_netlbl_secattr_to_sid(&secattr, 316 312 SECINITSID_NETMSG, 317 313 &nlbl_sid); 318 - else 314 + if (rc == 0 && 315 + (secattr.flags & NETLBL_SECATTR_CACHEABLE) && 316 + (secattr.flags & NETLBL_SECATTR_CACHE)) 317 + netlbl_cache_add(skb, &secattr); 318 + } else 319 319 nlbl_sid = SECINITSID_UNLABELED; 320 320 netlbl_secattr_destroy(&secattr); 321 321 if (rc != 0)