From patchwork Thu Nov 10 10:47:02 2016
X-Patchwork-Submitter: Himanshu Shukla
X-Patchwork-Id: 9420921
From: Himanshu Shukla
To: casey@schaufler-ca.com, linux-security-module@vger.kernel.org
Cc: himanshu.sh@samsung.com
Subject: [PATCH] SMACK: Fix the memory leak in smack_cred_prepare() hook
Date: Thu, 10 Nov 2016 16:17:02 +0530
Message-id: <1478774822-48114-1-git-send-email-himanshu.sh@samsung.com>

Memory leak in smack_cred_prepare() function.
smack_cred_prepare() hook returns an error if there is an error in
allocating memory in the smk_copy_rules() or smk_copy_relabel() function.
If the smack_cred_prepare() function returns an error then the calling
function should call the smack_cred_free() function for cleanup.
In the smack_cred_free() function, first the credential is extracted and
then all rules are deleted. In the smack_cred_prepare() function the
security field is assigned at the end, when all functions return success.
But this function may return before that and the memory will not be freed.

Signed-off-by: Himanshu Shukla
Acked-by: Casey Schaufler
---
 security/smack/smack_lsm.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 1cb0602..f766fbf 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -2023,6 +2023,8 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old, if (new_tsp == NULL) return -ENOMEM; + new->security = new_tsp; + rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp); if (rc != 0) return rc; @@ -2032,7 +2034,6 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old, if (rc != 0) return rc; - new->security = new_tsp; return 0; }
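
Review bot: In the first hunk (@@ -2023,6 +2023,8 @@), the early `new->security = new_tsp;` is only correct because the caller runs smack_cred_free() on the error return, as the commit message says, and nothing at the assignment records that dependency. A one-line comment above it, saying the blob is attached before smk_copy_rules() so that the error exits below are cleaned up through smack_cred_free(), would keep a later tidy-up from moving the assignment back to the end. Since smack_cred_free() can now be handed a new_tsp whose rule list was only partly copied, the changelog should also state that the free path handles that state.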
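
Review bot: In the second hunk (@@ -2032,7 +2034,6 @@), once the assignment is removed the tail of the function is `if (rc != 0) return rc;` followed directly by `return 0;`, which is equivalent to a single `return rc;`. Collapsing it is a small style cleanup and makes it visible that the function no longer has a success-only step. Both bare `return rc;` exits shown in the patch still free nothing locally, so a short note in the function comment that cleanup of new_tsp is left to the caller's smack_cred_free() call would document why that is safe.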