Skip to content

Commit 3265949

Browse files
Xiu Jianfengjrjohansen
Xiu Jianfeng
authored and
jrjohansen
committed
apparmor: Fix memleak issue in unpack_profile()
Before aa_alloc_profile(), it has allocated string for @*ns_name if @tmpns is not NULL, so directly return -ENOMEM if aa_alloc_profile() failed will cause a memleak issue, and even if aa_alloc_profile() succeed, in the @fail_profile tag of aa_unpack(), it need to free @ns_name as well, this patch fixes them. Fixes: 736ec75 ("AppArmor: policy routines for loading and unpacking policy") Fixes: 04dc715 ("apparmor: audit policy ns specified in policy load") Signed-off-by: Xiu Jianfeng <[email protected]> Signed-off-by: John Johansen <[email protected]>
1 parent 7dd426e commit 3265949

File tree

1 file changed

+12
-3
lines changed

1 file changed

+12
-3
lines changed

security/apparmor/policy_unpack.c

Lines changed: 12 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -858,8 +858,11 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
858858
}
859859

860860
profile = aa_alloc_profile(name, NULL, GFP_KERNEL);
861-
if (!profile)
862-
return ERR_PTR(-ENOMEM);
861+
if (!profile) {
862+
info = "out of memory";
863+
error = -ENOMEM;
864+
goto fail;
865+
}
863866
rules = list_first_entry(&profile->rules, typeof(*rules), list);
864867

865868
/* profile renaming is optional */
@@ -1090,6 +1093,10 @@ static struct aa_profile *unpack_profile(struct aa_ext *e, char **ns_name)
10901093
if (error == 0)
10911094
/* default error covers most cases */
10921095
error = -EPROTO;
1096+
if (*ns_name) {
1097+
kfree(*ns_name);
1098+
*ns_name = NULL;
1099+
}
10931100
if (profile)
10941101
name = NULL;
10951102
else if (!name)
@@ -1392,6 +1399,7 @@ int aa_unpack(struct aa_loaddata *udata, struct list_head *lh,
13921399
{
13931400
struct aa_load_ent *tmp, *ent;
13941401
struct aa_profile *profile = NULL;
1402+
char *ns_name = NULL;
13951403
int error;
13961404
struct aa_ext e = {
13971405
.start = udata->data,
@@ -1401,7 +1409,6 @@ int aa_unpack(struct aa_loaddata *udata, struct list_head *lh,
14011409

14021410
*ns = NULL;
14031411
while (e.pos < e.end) {
1404-
char *ns_name = NULL;
14051412
void *start;
14061413
error = verify_header(&e, e.pos == e.start, ns);
14071414
if (error)
@@ -1432,6 +1439,7 @@ int aa_unpack(struct aa_loaddata *udata, struct list_head *lh,
14321439

14331440
ent->new = profile;
14341441
ent->ns_name = ns_name;
1442+
ns_name = NULL;
14351443
list_add_tail(&ent->list, lh);
14361444
}
14371445
udata->abi = e.version & K_ABI_MASK;
@@ -1452,6 +1460,7 @@ int aa_unpack(struct aa_loaddata *udata, struct list_head *lh,
14521460
return 0;
14531461

14541462
fail_profile:
1463+
kfree(ns_name);
14551464
aa_put_profile(profile);
14561465

14571466
fail:

0 commit comments

Comments
 (0)