This patch fixes a double free (security_netlbl_sid_to_secattr() already calls netlbl_secattr_destroy() when it returns !0) introduced by commit 45c950e0f839fded922ebc0bfd59b1081cc71b70 and spotted by the Coverity checker.
Signed-off-by: Adrian Bunk <[EMAIL PROTECTED]> --- --- linux-2.6/security/selinux/netlabel.c.old 2008-01-23 00:38:19.000000000 +0200 +++ linux-2.6/security/selinux/netlabel.c 2008-01-23 00:39:09.000000000 +0200 @@ -58,22 +58,22 @@ static int selinux_netlbl_sock_setsid(st rc = security_netlbl_sid_to_secattr(sid, &secattr); if (rc != 0) goto sock_setsid_return; rc = netlbl_sock_setattr(sk, &secattr); if (rc == 0) { spin_lock_bh(&sksec->nlbl_lock); sksec->nlbl_state = NLBL_LABELED; spin_unlock_bh(&sksec->nlbl_lock); } -sock_setsid_return: netlbl_secattr_destroy(&secattr); +sock_setsid_return: return rc; } /** * selinux_netlbl_cache_invalidate - Invalidate the NetLabel cache * * Description: * Invalidate the NetLabel security attribute mapping cache. * */ -- To unsubscribe from this list: send the line "unsubscribe netdev" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html