Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit eb599bf3 authored by Bernard Zhao's avatar Bernard Zhao Committed by Greg Kroah-Hartman
Browse files

selinux: fix potential memleak in selinux_add_opt() 



[ Upstream commit 2e08df3c7c4e4e74e3dd5104c100f0bf6288aaa8 ]

This patch try to fix potential memleak in error branch.

Fixes: ba641862 ("selinux: new helper - selinux_add_opt()")
Signed-off-by: default avatarBernard Zhao <bernard@vivo.com>
[PM: tweak the subject line, add Fixes tag]
Signed-off-by: default avatarPaul Moore <paul@paul-moore.com>
Signed-off-by: default avatarSasha Levin <sashal@kernel.org>
parent 8fe5e6ed

security/selinux/hooks.c

+10 −2
Original line number Diff line number Diff line
@@ -995,18 +995,22 @@ static int selinux_sb_clone_mnt_opts(const struct super_block *oldsb, 
static int selinux_add_opt(int token, const char *s, void **mnt_opts)

{

	struct selinux_mnt_opts *opts = *mnt_opts;

	bool is_alloc_opts = false;



	if (token == Opt_seclabel)	/* eaten and completely ignored */

		return 0;



	if (!s)

		return -ENOMEM;



	if (!opts) {

		opts = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL);

		if (!opts)

			return -ENOMEM;

		*mnt_opts = opts;

		is_alloc_opts = true;

	}

	if (!s)

		return -ENOMEM;



	switch (token) {

	case Opt_context:

		if (opts->context || opts->defcontext)
@@ -1031,6 +1035,10 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts) 
	}

	return 0;

Einval:

	if (is_alloc_opts) {

		kfree(opts);

		*mnt_opts = NULL;

	}

	pr_warn(SEL_MOUNT_FAIL_MSG);

	return -EINVAL;

}