From: Xiu Jianfeng xiujianfeng@huawei.com
[ Upstream commit 73de1befcc53a7c68b0c5e76b9b5ac41c517760f ]
In this function, it directly returns the result of __security_read_policy without freeing the allocated memory in *data, cause memory leak issue, so free the memory if __security_read_policy failed.
Signed-off-by: Xiu Jianfeng xiujianfeng@huawei.com [PM: subject line tweak] Signed-off-by: Paul Moore paul@paul-moore.com Signed-off-by: Sasha Levin sashal@kernel.org --- security/selinux/ss/services.c | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c index c4931bf6f92a..e8035e4876df 100644 --- a/security/selinux/ss/services.c +++ b/security/selinux/ss/services.c @@ -4045,6 +4045,7 @@ int security_read_policy(struct selinux_state *state, int security_read_state_kernel(struct selinux_state *state, void **data, size_t *len) { + int err; struct selinux_policy *policy;
policy = rcu_dereference_protected( @@ -4057,5 +4058,11 @@ int security_read_state_kernel(struct selinux_state *state, if (!*data) return -ENOMEM;
- return __security_read_policy(policy, *data, len); + err = __security_read_policy(policy, *data, len); + if (err) { + vfree(*data); + *data = NULL; + *len = 0; + } + return err; }