IPC auditing (Was: Re: Another slab size-32 leak 2.6.16-rc4-mm2)

Timothy R. Chavez tinytim at us.ibm.com
Tue Feb 28 16:23:08 UTC 2006


On Tue, 2006-02-28 at 10:01 -0500, Stephen Smalley wrote:
> On Tue, 2006-02-28 at 15:20 +0100, Stephan Mueller wrote:
> > [...]
> > 
> > error_path:
> >        kfree(ctx);
> >        audit_panic("error in audit_ipc_context");
> > 
> > You free ctx although it has not been allocated - I do not like that ;-)
> 
> Common convention is to initialize ctx to NULL upon declaration, and
> then such kfree() calls are safe on the error path.
> 

[tangent]
The other problem with this function is that it uses the variable name
"ctx" to describe a security label where "ctx" is used everywhere else
in the code to describe an audit context.  Also, while I'm on a tangent,
I thought we reached some sort of agreement a while back to rename the
audit_panic function to something like audit_failure()...
[/tangent]

-tim
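The NULL-initialization convention described in the quoted reply, shown as an added userspace example that is not part of the original thread or the kernel source. `get_label`, `try_label`, the allocation counter and the label string are constructed for illustration, and `free()` stands in for `kfree()`; both accept NULL as a no-op.

```c
#include <stdio.h>
#include <stdlib.h>

static int live_allocs;   /* outstanding allocations, to show nothing leaks */

static void *xalloc(size_t n)
{
    void *p = malloc(n);
    if (p)
        live_allocs++;
    return p;
}

static void xfree(void *p)   /* like kfree(), tolerates NULL */
{
    if (p)
        live_allocs--;
    free(p);
}

enum fail_at { FAIL_NONE, FAIL_BEFORE_ALLOC, FAIL_AFTER_ALLOC };

/* Hypothetical stand-in for a function that fetches a security label. */
static int get_label(enum fail_at fail, char *out, size_t outlen)
{
    char *label = NULL;   /* NULL at declaration: every error exit may free it */

    if (fail == FAIL_BEFORE_ALLOC)
        goto error_path;              /* label was never allocated */
    label = xalloc(32);
    if (!label)
        goto error_path;
    snprintf(label, 32, "system_u:object_r:ipc_t");   /* constructed value */
    if (fail == FAIL_AFTER_ALLOC)
        goto error_path;              /* label is allocated here */
    snprintf(out, outlen, "%s", label);
    xfree(label);
    return 0;

error_path:
    xfree(label);   /* one cleanup line covers both failure points */
    return -1;
}

static int try_label(enum fail_at fail)
{
    char buf[64];
    return get_label(fail, buf, sizeof(buf));
}
```

Without the `= NULL` initializer, the early `goto error_path` would pass an indeterminate pointer to the free routine, which is the case the original objection describes.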



