From patchwork Fri Mar 24 11:42:05 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tetsuo Handa X-Patchwork-Id: 9642753 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork.web.codeaurora.org (Postfix) with ESMTP id 152CF60327 for ; Fri, 24 Mar 2017 11:42:22 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id E92252041F for ; Fri, 24 Mar 2017 11:42:21 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id DA35426E81; Fri, 24 Mar 2017 11:42:21 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-6.9 required=2.0 tests=BAYES_00,RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 1857A2041F for ; Fri, 24 Mar 2017 11:42:21 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1756577AbdCXLmV (ORCPT ); Fri, 24 Mar 2017 07:42:21 -0400 Received: from www262.sakura.ne.jp ([202.181.97.72]:11282 "EHLO www262.sakura.ne.jp" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751421AbdCXLmU (ORCPT ); Fri, 24 Mar 2017 07:42:20 -0400 Received: from fsav102.sakura.ne.jp (fsav102.sakura.ne.jp [27.133.134.229]) by www262.sakura.ne.jp (8.14.5/8.14.5) with ESMTP id v2OBgDkT022432; Fri, 24 Mar 2017 20:42:13 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) Received: from www262.sakura.ne.jp (202.181.97.72) by fsav102.sakura.ne.jp (F-Secure/fsigk_smtp/530/fsav102.sakura.ne.jp); Fri, 24 Mar 2017 20:42:13 +0900 (JST) X-Virus-Status: clean(F-Secure/fsigk_smtp/530/fsav102.sakura.ne.jp) Received: from ccsecurity.localdomain (softbank126227147111.bbtec.net [126.227.147.111]) (authenticated bits=0) by www262.sakura.ne.jp (8.14.5/8.14.5) with ESMTP id v2OBg6tS022425 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO); Fri, 24 Mar 2017 20:42:13 +0900 (JST) (envelope-from penguin-kernel@I-love.SAKURA.ne.jp) From: Tetsuo Handa To: linux-security-module@vger.kernel.org Cc: Tetsuo Handa , Vivek Trivedi , Amit Sahrawat , Casey Schaufler Subject: [PATCH] smack: fix double free in smack_parse_opts_str() Date: Fri, 24 Mar 2017 20:42:05 +0900 Message-Id: <1490355725-13867-1-git-send-email-penguin-kernel@I-love.SAKURA.ne.jp> X-Mailer: git-send-email 1.8.3.1 Sender: owner-linux-security-module@vger.kernel.org Precedence: bulk List-ID: X-Virus-Scanned: ClamAV using ClamSMTP smack_parse_opts_str() calls kfree(opts->mnt_opts) when kcalloc() for opts->mnt_opts_flags failed. But it should not have called it because security_free_mnt_opts() will call kfree(opts->mnt_opts). Signed-off-by: Tetsuo Handa fixes: 3bf2789cad9e6573 ("smack: allow mount opts setting over filesystems with binary mount data") Cc: Vivek Trivedi Cc: Amit Sahrawat Cc: Casey Schaufler Acked-by: Casey Schaufler --- security/smack/smack_lsm.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c index 927e60e..658f5d8 100644 --- a/security/smack/smack_lsm.c +++ b/security/smack/smack_lsm.c @@ -695,10 +695,8 @@ static int smack_parse_opts_str(char *options, opts->mnt_opts_flags = kcalloc(NUM_SMK_MNT_OPTS, sizeof(int), GFP_KERNEL); - if (!opts->mnt_opts_flags) { - kfree(opts->mnt_opts); + if (!opts->mnt_opts_flags) goto out_err; - } if (fsdefault) { opts->mnt_opts[num_mnt_opts] = fsdefault;