linux/security/selinux
Paul Moore 023f108dcc selinux: fix double free in selinux_parse_opts_str()
This patch is based on a discussion generated by an earlier patch
from Tetsuo Handa:

* https://marc.info/?t=149035659300001&r=1&w=2

The double free problem involves the mnt_opts field of the
security_mnt_opts struct, selinux_parse_opts_str() frees the memory
on error, but doesn't set the field to NULL so if the caller later
attempts to call security_free_mnt_opts() we trigger the problem.

In order to play it safe we change selinux_parse_opts_str() to call
security_free_mnt_opts() on error instead of free'ing the memory
directly.  This should ensure that everything is handled correctly,
regardless of what the caller may do.

Fixes: e000752989 ("LSM/SELinux: Interfaces to allow FS to control mount options")
Cc: stable@vger.kernel.org
Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Reported-by: Dmitry Vyukov <dvyukov@google.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: James Morris <james.l.morris@oracle.com>
2017-06-13 17:34:22 +10:00
..
include prlimit,security,selinux: add a security hook for prlimit 2017-03-06 10:43:47 +11:00
ss selinux: Fix an uninitialized variable bug 2017-03-31 15:16:18 -04:00
.gitignore
Kconfig security: introduce CONFIG_SECURITY_WRITABLE_HOOKS 2017-03-06 11:00:12 +11:00
Makefile selinux: use absolute path to include directory 2016-01-28 10:37:15 -05:00
avc.c Merge branch 'next' of git://git.infradead.org/users/pcmoore/selinux into next 2015-08-15 13:29:57 +10:00
exports.c
hooks.c selinux: fix double free in selinux_parse_opts_str() 2017-06-13 17:34:22 +10:00
netif.c
netlabel.c calipso: Add a label cache. 2016-06-27 15:06:17 -04:00
netlink.c
netnode.c
netport.c
nlmsgtab.c Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security 2017-05-03 08:50:52 -07:00
selinuxfs.c Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs 2017-05-09 09:12:53 -07:00
xfrm.c netfilter: Remove spurios included of netfilter.h 2015-06-18 21:14:32 +02:00