Re: [apparmor] [PATCH][NEXT] apparmor: Fix memory leak of rule on error exit path
On 05/17/2018 12:53 PM, Tyler Hicks wrote: > Currently on the error exit path the allocated rule is not free'd > causing a memory leak. Fix this by calling aa_audit_rule_free(). > > Detected by CoverityScan, CID#1468966 ("Resource leaks") > > Fixes: cb740f574c7b ("apparmor: modify audit rule support to support profile > stacks") > Signed-off-by: Tyler HicksAcked-by: John Johansen and pulled into apparmor-next > --- > security/apparmor/audit.c | 6 -- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c > index 575f3e9c8c80..eeaddfe0c0fb 100644 > --- a/security/apparmor/audit.c > +++ b/security/apparmor/audit.c > @@ -200,10 +200,12 @@ int aa_audit_rule_init(u32 field, u32 op, char > *rulestr, void **vrule) > /* Currently rules are treated as coming from the root ns */ > rule->label = aa_label_parse(_ns->unconfined->label, rulestr, >GFP_KERNEL, true, false); > - if (IS_ERR(rule->label)) > + if (IS_ERR(rule->label)) { > + aa_audit_rule_free(rule); > return PTR_ERR(rule->label); > - *vrule = rule; > + } > > + *vrule = rule; > return 0; > } > > -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
[apparmor] [PATCH][NEXT] apparmor: Fix memory leak of rule on error exit path
Currently on the error exit path the allocated rule is not free'd causing a memory leak. Fix this by calling aa_audit_rule_free(). Detected by CoverityScan, CID#1468966 ("Resource leaks") Fixes: cb740f574c7b ("apparmor: modify audit rule support to support profile stacks") Signed-off-by: Tyler Hicks--- security/apparmor/audit.c | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/security/apparmor/audit.c b/security/apparmor/audit.c index 575f3e9c8c80..eeaddfe0c0fb 100644 --- a/security/apparmor/audit.c +++ b/security/apparmor/audit.c @@ -200,10 +200,12 @@ int aa_audit_rule_init(u32 field, u32 op, char *rulestr, void **vrule) /* Currently rules are treated as coming from the root ns */ rule->label = aa_label_parse(_ns->unconfined->label, rulestr, GFP_KERNEL, true, false); - if (IS_ERR(rule->label)) + if (IS_ERR(rule->label)) { + aa_audit_rule_free(rule); return PTR_ERR(rule->label); - *vrule = rule; + } + *vrule = rule; return 0; } -- 2.7.4 -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor