Commit 2e08df3c authored by Bernard Zhao's avatar Bernard Zhao Committed by Paul Moore
Browse files

selinux: fix potential memleak in selinux_add_opt() 



This patch try to fix potential memleak in error branch.

Fixes: ba641862 ("selinux: new helper - selinux_add_opt()")
Signed-off-by: default avatarBernard Zhao <bernard@vivo.com>
[PM: tweak the subject line, add Fixes tag]
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
parent 52f982f0

security/selinux/hooks.c

+10 −2
Original line number Original line Diff line number Diff line
@@ -970,18 +970,22 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, 
static int selinux_add_opt(int token, const char *s, void **mnt_opts)

static int selinux_add_opt(int token, const char *s, void **mnt_opts)

{

{

	struct selinux_mnt_opts *opts = *mnt_opts;

	struct selinux_mnt_opts *opts = *mnt_opts;

	bool is_alloc_opts = false;





	if (token == Opt_seclabel)	/* eaten and completely ignored */

	if (token == Opt_seclabel)	/* eaten and completely ignored */

		return 0;

		return 0;





	if (!s)

		return -ENOMEM;



	if (!opts) {

	if (!opts) {

		opts = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL);

		opts = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL);

		if (!opts)

		if (!opts)

			return -ENOMEM;

			return -ENOMEM;

		*mnt_opts = opts;

		*mnt_opts = opts;

		is_alloc_opts = true;

	}

	}

	if (!s)



		return -ENOMEM;

	switch (token) {

	switch (token) {

	case Opt_context:

	case Opt_context:

		if (opts->context || opts->defcontext)

		if (opts->context || opts->defcontext)
@@ -1006,6 +1010,10 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts) 
	}

	}

	return 0;

	return 0;

Einval:

Einval:

	if (is_alloc_opts) {

		kfree(opts);

		*mnt_opts = NULL;

	}

	pr_warn(SEL_MOUNT_FAIL_MSG);

	pr_warn(SEL_MOUNT_FAIL_MSG);

	return -EINVAL;

	return -EINVAL;

}

}