rpms/kernel/devel linux-2.6-selinux-memory-leak-in-security-context-to-sid-core.patch, NONE, 1.1 kernel.spec, 1.921, 1.922

Chuck Ebbert cebbert at fedoraproject.org
Wed Sep 3 00:35:08 UTC 2008


Author: cebbert

Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21617

Modified Files:
	kernel.spec 
Added Files:
	linux-2.6-selinux-memory-leak-in-security-context-to-sid-core.patch 
Log Message:
Fix selinux memory leak (#460848)

linux-2.6-selinux-memory-leak-in-security-context-to-sid-core.patch:

--- NEW FILE linux-2.6-selinux-memory-leak-in-security-context-to-sid-core.patch ---
From: Eric Paris <eparis at redhat.com>
Date: Tue, 2 Sep 2008 21:15:11 +0000 (-0400)
Subject: SELinux: memory leak in security_context_to_sid_core
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fjmorris%2Fsecurity-testing-2.6.git;a=commitdiff_plain;h=b14c3a15b26f22f7a11c4f11092314665b1dc45d

SELinux: memory leak in security_context_to_sid_core

Memory leak in security_context_to_sid_core() as a result of the
deferred context patches.  Code audit found another possible leak in
string_to_context_struct() so I fixed that error path as well.

This is a regression since 2.6.26.

Signed-off-by: Eric Paris <eparis at redhat.com>
Signed-off-by: James Morris <jmorris at namei.org>
---

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index b52f923..e1090c1 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -805,18 +805,20 @@ static int string_to_context_struct(struct policydb *pol,
 
 	if ((p - scontext) < scontext_len) {
 		rc = -EINVAL;
-		goto out;
+		goto out_destroy;
 	}
 
 	/* Check the validity of the new context. */
 	if (!policydb_context_isvalid(pol, ctx)) {
 		rc = -EINVAL;
-		context_destroy(ctx);
-		goto out;
+		goto out_destroy;
 	}
 	rc = 0;
 out:
 	return rc;
+out_destroy:
+	context_destroy(ctx);
+	goto out;
 }
 
 static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
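Review bot: The new `out_destroy:` label sits after `return rc;` and jumps backwards to `out`, which is harder to follow than a single exit and covers only the two error paths in this hunk. If every path that reaches `out` with a non-zero `rc` does so after `ctx` has been initialised (the start of string_to_context_struct() is outside the hunk, so this needs checking), the exit could instead be `out:` followed by `if (rc) context_destroy(ctx);` and `return rc;`. Together with the second hunk, a failed parse now has `ctx` destroyed here and again at the caller's `out:`, so context_destroy() must leave the structure safe to destroy a second time. A short comment such as `/* context_destroy() resets ctx, so the caller may destroy it again */` would record that assumption once it is confirmed.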
@@ -868,10 +870,9 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
 	} else if (rc)
 		goto out;
 	rc = sidtab_context_to_sid(&sidtab, &context, sid);
-	if (rc)
-		context_destroy(&context);
 out:
 	read_unlock(&policy_rwlock);
+	context_destroy(&context);
 	kfree(scontext2);
 	kfree(str);
 	return rc;
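Review bot: Calling `context_destroy(&context)` unconditionally at `out:` is safe only if `context` is initialised on every path that can reach the label, and if sidtab_context_to_sid() keeps its own copy rather than pointers into `context`. Neither is visible in this hunk, and the function begins above it. If the sidtab kept references, the success path would now free memory that is still in use; a `goto out` taken before initialisation would pass uninitialised stack contents to the destroy routine. After checking both against the rest of the function, I would add a comment above the call, e.g. `/* sidtab keeps its own copy; context is always initialised before reaching out */`.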


Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/kernel.spec,v
retrieving revision 1.921
retrieving revision 1.922
diff -u -r1.921 -r1.922
--- kernel.spec	2 Sep 2008 22:27:17 -0000	1.921
+++ kernel.spec	3 Sep 2008 00:34:38 -0000	1.922
@@ -642,6 +642,9 @@
 # silence the ACPI blacklist code
 Patch2802: linux-2.6-silence-acpi-blacklist.patch
 
+# fix selinux memory leak, patch headed upstream
+Patch3000:  linux-2.6-selinux-memory-leak-in-security-context-to-sid-core.patch
+
 %endif
 
 BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1176,7 +1179,7 @@
 # silence the ACPI blacklist code
 ApplyPatch linux-2.6-silence-acpi-blacklist.patch
 
-# ---------- below all scheduled for 2.6.24 -----------------
+ApplyPatch  linux-2.6-selinux-memory-leak-in-security-context-to-sid-core.patch
 
 # END OF PATCH APPLICATIONS
 
@@ -1750,6 +1753,9 @@
 %kernel_variant_files -k vmlinux %{with_kdump} kdump
 
 %changelog
+* Tue Sep 02 2008 Chuck Ebbert <cebbert at redhat.com>
+- Fix selinux memory leak (#460848)
+
 * Tue Sep 02 2008 Jarod Wilson <jarod at redhat.com>
 - Rename lirc_pvr150 to more appropriate lirc_zilog
 



