Commit 3ddae987 authored Apr 13, 2018 by John Johansen

apparmor: fix memory leak when deduping profile load

AppArmor is leaking the newly loaded profile and its proxy when
the profile is an exact match to the currently loaded version.

In this case the dedup check results in the profile being skipped and
put without dealing with the proxy ref thus not breaking a circular
refcount and causing a leak.

BugLink: http://bugs.launchpad.net/bugs/1750594


Fixes: 5d5182ca ("apparmor: move to per loaddata files, instead of replicating in profiles")
Signed-off-by: John Johansen <john.johansen@canonical.com>

parent 11c92f14

security/apparmor/policy.c

+3 −0

Original line number	Original line	Diff line number	Diff line
	@@ -1008,6 +1008,9 @@ ssize_t aa_replace_profiles(struct aa_ns policy_ns, struct aa_label label,
	audit_policy(label, op, ns_name, ent->new->base.hname,		audit_policy(label, op, ns_name, ent->new->base.hname,
	"same as current profile, skipping",		"same as current profile, skipping",
	error);		error);
			/* break refcount cycle with proxy. */
			aa_put_proxy(ent->new->label.proxy);
			ent->new->label.proxy = NULL;
	goto skip;		goto skip;
	}		}