[PATCH] SELinux: handle sel_make_bools() failure in selinuxfs

This patch fixes error handling in sel_make_bools(), where currently we'd
get a memory leak via security_get_bools() and try to kfree() the wrong
pointer if called again.

Signed-off-by: James Morris <jmorris@namei.org>
Acked-by: Stephen Smalley <sds@tycho.nsa.gov>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/security/selinux/selinuxfs.c b/security/selinux/selinuxfs.c
index 8eb140dd2e4b3bda4906f717491bb740b4450e50..a45cc971e73588bdc0c2e5a74774736c854f713d 100644 (file)
--- a/security/selinux/selinuxfs.c
+++ b/security/selinux/selinuxfs.c
@@ -879,7 +879,7 @@ static ssize_t sel_commit_bools_write(struct file *filep,
        if (sscanf(page, "%d", &new_value) != 1)
                goto out;
 
-       if (new_value) {
+       if (new_value && bool_pending_values) {
                security_set_bools(bool_num, bool_pending_values);
        }
 
@@ -952,6 +952,7 @@ static int sel_make_bools(void)
 
        /* remove any existing files */
        kfree(bool_pending_values);
+       bool_pending_values = NULL;
 
        sel_remove_bools(dir);
 
@@ -1002,6 +1003,7 @@ out:
        }
        return ret;
 err:
+       kfree(values);
        d_genocide(dir);
        ret = -ENOMEM;
        goto out;