linux

History

Paul Moore 023f108dcc selinux: fix double free in selinux_parse_opts_str() This patch is based on a discussion generated by an earlier patch from Tetsuo Handa: * https://marc.info/?t=149035659300001&r=1&w=2 The double free problem involves the mnt_opts field of the security_mnt_opts struct, selinux_parse_opts_str() frees the memory on error, but doesn't set the field to NULL so if the caller later attempts to call security_free_mnt_opts() we trigger the problem. In order to play it safe we change selinux_parse_opts_str() to call security_free_mnt_opts() on error instead of free'ing the memory directly. This should ensure that everything is handled correctly, regardless of what the caller may do. Fixes: `e000752989` ("LSM/SELinux: Interfaces to allow FS to control mount options") Cc: stable@vger.kernel.org Cc: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Reported-by: Dmitry Vyukov <dvyukov@google.com> Signed-off-by: Paul Moore <paul@paul-moore.com> Signed-off-by: James Morris <james.l.morris@oracle.com>		2017-06-13 17:34:22 +10:00
..
include
ss	selinux: Fix an uninitialized variable bug	2017-03-31 15:16:18 -04:00
.gitignore
avc.c
exports.c
hooks.c	selinux: fix double free in selinux_parse_opts_str()	2017-06-13 17:34:22 +10:00
Kconfig
Makefile
netif.c
netlabel.c
netlink.c
netnode.c
netport.c
nlmsgtab.c	Merge branch 'next' of git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/linux-security	2017-05-03 08:50:52 -07:00
selinuxfs.c	Merge branch 'work.misc' of git://git.kernel.org/pub/scm/linux/kernel/git/viro/vfs	2017-05-09 09:12:53 -07:00
xfrm.c