apparmor_secmark_init() parses a configured secmark label to obtain its
secid.  aa_label_strn_parse() returns a refcounted label, but the success
path kept that reference after copying the secid.

Fixes: ab9f2115081a ("apparmor: Allow filtering based on secmark policy")
Signed-off-by: Zygmunt Krynicki <[email protected]>
---
 security/apparmor/net.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/security/apparmor/net.c b/security/apparmor/net.c
index 44c04102062f3..df9cb7c00cac8 100644
--- a/security/apparmor/net.c
+++ b/security/apparmor/net.c
@@ -354,6 +354,7 @@ static int apparmor_secmark_init(struct aa_secmark *secmark)
                return PTR_ERR(label);
 
        secmark->secid = label->secid;
+       aa_put_label(label);
 
        return 0;
 }
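Review bot: At the added aa_put_label(label) right after secmark->secid = label->secid, the changelog should state what keeps the stored secid valid once the label reference is dropped. The secid is copied out as a plain integer, so after the put nothing in this function pins the label it came from; if later lookups by that secid rely on the label still being alive, that lifetime has to be guaranteed elsewhere and deserves one sentence in the commit message. The ordering in the hunk is correct: label->secid is read before the put, and the error return above (return PTR_ERR(label)) exits before the put is reached, so it is never called on an error pointer.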
-- 
2.53.0

