Re: [apparmor] [PATCH][NEXT] apparmor: Fix memory leak of rule on error exit path

2018-05-17 Thread John Johansen 
On 05/17/2018 12:53 PM, Tyler Hicks wrote:
> Currently on the error exit path the allocated rule is not free'd
> causing a memory leak. Fix this by calling aa_audit_rule_free().
> 
> Detected by CoverityScan, CID#1468966 ("Resource leaks")
> 
> Fixes: cb740f574c7b ("apparmor: modify audit rule support to support profile 
> stacks")
> Signed-off-by: Tyler Hicks 

Acked-by: John Johansen 

and pulled into apparmor-next

> ---
>  security/apparmor/audit.c | 6 --
>  1 file changed, 4 insertions(+), 2 deletions(-)
> 
> diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
> index 575f3e9c8c80..eeaddfe0c0fb 100644
> --- a/security/apparmor/audit.c
> +++ b/security/apparmor/audit.c
> @@ -200,10 +200,12 @@ int aa_audit_rule_init(u32 field, u32 op, char 
> *rulestr, void **vrule)
>   /* Currently rules are treated as coming from the root ns */
>   rule->label = aa_label_parse(_ns->unconfined->label, rulestr,
>GFP_KERNEL, true, false);
> - if (IS_ERR(rule->label))
> + if (IS_ERR(rule->label)) {
> + aa_audit_rule_free(rule);
>   return PTR_ERR(rule->label);
> - *vrule = rule;
> + }
>  
> + *vrule = rule;
>   return 0;
>  }
>  
> 


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor

[apparmor] [PATCH][NEXT] apparmor: Fix memory leak of rule on error exit path

2018-05-17 Thread Tyler Hicks 
Currently on the error exit path the allocated rule is not free'd
causing a memory leak. Fix this by calling aa_audit_rule_free().

Detected by CoverityScan, CID#1468966 ("Resource leaks")

Fixes: cb740f574c7b ("apparmor: modify audit rule support to support profile 
stacks")
Signed-off-by: Tyler Hicks 
---
 security/apparmor/audit.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c
index 575f3e9c8c80..eeaddfe0c0fb 100644
--- a/security/apparmor/audit.c
+++ b/security/apparmor/audit.c
@@ -200,10 +200,12 @@ int aa_audit_rule_init(u32 field, u32 op, char *rulestr, 
void **vrule)
/* Currently rules are treated as coming from the root ns */
rule->label = aa_label_parse(_ns->unconfined->label, rulestr,
 GFP_KERNEL, true, false);
-   if (IS_ERR(rule->label))
+   if (IS_ERR(rule->label)) {
+   aa_audit_rule_free(rule);
return PTR_ERR(rule->label);
-   *vrule = rule;
+   }
 
+   *vrule = rule;
return 0;
 }
 
-- 
2.7.4


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor