rpms/kernel/devel linux-2.6-selinux-memory-leak-in-security-context-to-sid-core.patch, NONE, 1.1 kernel.spec, 1.921, 1.922
Chuck Ebbert
cebbert at fedoraproject.org
Wed Sep 3 00:35:08 UTC 2008
- Previous message (by thread): rpms/gtk2-engines/devel .cvsignore, 1.54, 1.55 gtk2-engines.spec, 1.94, 1.95 sources, 1.55, 1.56
- Next message (by thread): rpms/kernel/devel .cvsignore, 1.912, 1.913 kernel.spec, 1.922, 1.923 sources, 1.875, 1.876 upstream, 1.788, 1.789
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: cebbert
Update of /cvs/pkgs/rpms/kernel/devel
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv21617
Modified Files:
kernel.spec
Added Files:
linux-2.6-selinux-memory-leak-in-security-context-to-sid-core.patch
Log Message:
Fix selinux memory leak (#460848)
linux-2.6-selinux-memory-leak-in-security-context-to-sid-core.patch:
--- NEW FILE linux-2.6-selinux-memory-leak-in-security-context-to-sid-core.patch ---
From: Eric Paris <eparis at redhat.com>
Date: Tue, 2 Sep 2008 21:15:11 +0000 (-0400)
Subject: SELinux: memory leak in security_context_to_sid_core
X-Git-Url: http://git.kernel.org/?p=linux%2Fkernel%2Fgit%2Fjmorris%2Fsecurity-testing-2.6.git;a=commitdiff_plain;h=b14c3a15b26f22f7a11c4f11092314665b1dc45d
SELinux: memory leak in security_context_to_sid_core
Memory leak in security_context_to_sid_core() as a result of the
deferred context patches. Code audit found another possible leak in
string_to_context_struct() so I fixed that error path as well.
This is a regression since 2.6.26.
Signed-off-by: Eric Paris <eparis at redhat.com>
Signed-off-by: James Morris <jmorris at namei.org>
---
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index b52f923..e1090c1 100644
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -805,18 +805,20 @@ static int string_to_context_struct(struct policydb *pol,
if ((p - scontext) < scontext_len) {
rc = -EINVAL;
- goto out;
+ goto out_destroy;
}
/* Check the validity of the new context. */
if (!policydb_context_isvalid(pol, ctx)) {
rc = -EINVAL;
- context_destroy(ctx);
- goto out;
+ goto out_destroy;
}
rc = 0;
out:
return rc;
+out_destroy:
+ context_destroy(ctx);
+ goto out;
}
static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
@@ -868,10 +870,9 @@ static int security_context_to_sid_core(const char *scontext, u32 scontext_len,
} else if (rc)
goto out;
rc = sidtab_context_to_sid(&sidtab, &context, sid);
- if (rc)
- context_destroy(&context);
out:
read_unlock(&policy_rwlock);
+ context_destroy(&context);
kfree(scontext2);
kfree(str);
return rc;
Index: kernel.spec
===================================================================
RCS file: /cvs/pkgs/rpms/kernel/devel/kernel.spec,v
retrieving revision 1.921
retrieving revision 1.922
diff -u -r1.921 -r1.922
--- kernel.spec 2 Sep 2008 22:27:17 -0000 1.921
+++ kernel.spec 3 Sep 2008 00:34:38 -0000 1.922
@@ -642,6 +642,9 @@
# silence the ACPI blacklist code
Patch2802: linux-2.6-silence-acpi-blacklist.patch
+# fix selinux memory leak, patch headed upstream
+Patch3000: linux-2.6-selinux-memory-leak-in-security-context-to-sid-core.patch
+
%endif
BuildRoot: %{_tmppath}/kernel-%{KVERREL}-root
@@ -1176,7 +1179,7 @@
# silence the ACPI blacklist code
ApplyPatch linux-2.6-silence-acpi-blacklist.patch
-# ---------- below all scheduled for 2.6.24 -----------------
+ApplyPatch linux-2.6-selinux-memory-leak-in-security-context-to-sid-core.patch
# END OF PATCH APPLICATIONS
@@ -1750,6 +1753,9 @@
%kernel_variant_files -k vmlinux %{with_kdump} kdump
%changelog
+* Tue Sep 02 2008 Chuck Ebbert <cebbert at redhat.com>
+- Fix selinux memory leak (#460848)
+
* Tue Sep 02 2008 Jarod Wilson <jarod at redhat.com>
- Rename lirc_pvr150 to more appropriate lirc_zilog
- Previous message (by thread): rpms/gtk2-engines/devel .cvsignore, 1.54, 1.55 gtk2-engines.spec, 1.94, 1.95 sources, 1.55, 1.56
- Next message (by thread): rpms/kernel/devel .cvsignore, 1.912, 1.913 kernel.spec, 1.922, 1.923 sources, 1.875, 1.876 upstream, 1.788, 1.789
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list