From patchwork Thu Jul 25 10:52:43 2019 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ondrej Mosnacek X-Patchwork-Id: 11058605 Return-Path: Received: from mail.wl.linuxfoundation.org (pdx-wl-mail.web.codeaurora.org [172.30.200.125]) by pdx-korg-patchwork-2.web.codeaurora.org (Postfix) with ESMTP id 47853138D for ; Thu, 25 Jul 2019 10:52:50 +0000 (UTC) Received: from mail.wl.linuxfoundation.org (localhost [127.0.0.1]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 370C828999 for ; Thu, 25 Jul 2019 10:52:50 +0000 (UTC) Received: by mail.wl.linuxfoundation.org (Postfix, from userid 486) id 2B3E32899D; Thu, 25 Jul 2019 10:52:50 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on pdx-wl-mail.web.codeaurora.org X-Spam-Level: X-Spam-Status: No, score=-7.9 required=2.0 tests=BAYES_00,MAILING_LIST_MULTI, RCVD_IN_DNSWL_HI autolearn=ham version=3.3.1 Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.wl.linuxfoundation.org (Postfix) with ESMTP id 0BE8F2899B for ; Thu, 25 Jul 2019 10:52:49 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1729011AbfGYKws (ORCPT ); Thu, 25 Jul 2019 06:52:48 -0400 Received: from mail-wm1-f68.google.com ([209.85.128.68]:53539 "EHLO mail-wm1-f68.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1728726AbfGYKws (ORCPT ); Thu, 25 Jul 2019 06:52:48 -0400 Received: by mail-wm1-f68.google.com with SMTP id x15so44551270wmj.3 for ; Thu, 25 Jul 2019 03:52:47 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=i1Bjt8+Ll+clH1XfAwMheIIcZAXei7lLBKhpDlOqq9g=; b=KUg4CY0j8Pag3pQhOVxCtr0nyPtCw+GvDGQshEy+cbqSiGueIL7WiutuN45wA1sk1S ciRowt1f5p5Gq9FP95+xKq+pqLAvJAwH77gpL4/HogpraBVYgDuM3DHxMk2y3HMvcrWe t/Aw5hvOaubEvxKPmX3Czs46qI/bpwRcgWJjvKUpM5c/+MEUovp0n+kfD4FEY2+iiC3h AUFoJg71XrcSRhxdi9kG4Dtd1QYq9qcfWxd/uTN0/6QJGSwug6xNxPAmRsi6p7e5ckb4 2BtPecJg7jJtxSSilG6V387TRlOb+5LujlQPZdDBMkkJjKf8JPa2xqYCkbtB8JKLBs+9 T60w== X-Gm-Message-State: APjAAAW7LrDrUH11nbc7KzHeWQzukZ/rMOeo7fYQbGDrDCqY4dRyHxuT 62QkWvuVlDrSjObm6EqNcnCMjw9K+NQRLw== X-Google-Smtp-Source: APXvYqzNzb90vkhztwN8bvckZwbeK72rBHQUSJstqnMGH6TTnMv1DBEEJt4LEjfg7ti2aPeVf/OhHA== X-Received: by 2002:a1c:acc8:: with SMTP id v191mr81497309wme.177.1564051966237; Thu, 25 Jul 2019 03:52:46 -0700 (PDT) Received: from localhost.localdomain.com (nat-pool-brq-t.redhat.com. [213.175.37.10]) by smtp.gmail.com with ESMTPSA id y1sm36990792wma.32.2019.07.25.03.52.45 (version=TLS1_3 cipher=AEAD-AES256-GCM-SHA384 bits=256/256); Thu, 25 Jul 2019 03:52:45 -0700 (PDT) From: Ondrej Mosnacek To: selinux@vger.kernel.org, Paul Moore Cc: Dmitry Vyukov , syzbot+fee3a14d4cdf92646287@syzkaller.appspotmail.com Subject: [PATCH] selinux: fix memory leak in policydb_init() Date: Thu, 25 Jul 2019 12:52:43 +0200 Message-Id: <20190725105243.28404-1-omosnace@redhat.com> X-Mailer: git-send-email 2.21.0 MIME-Version: 1.0 Sender: selinux-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: selinux@vger.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP Since roles_init() adds some entries to the role hash table, we need to destroy also its keys/values on error, otherwise we get a memory leak in the error path. Reported-by: syzbot+fee3a14d4cdf92646287@syzkaller.appspotmail.com Fixes: 1da177e4c3f4 ("Linux-2.6.12-rc2") Signed-off-by: Ondrej Mosnacek --- security/selinux/ss/policydb.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c index daecdfb15a9c..38d0083204f1 100644 --- a/security/selinux/ss/policydb.c +++ b/security/selinux/ss/policydb.c @@ -274,6 +274,8 @@ static int rangetr_cmp(struct hashtab *h, const void *k1, const void *k2) return v; } +static int (*destroy_f[SYM_NUM]) (void *key, void *datum, void *datap); + /* * Initialize a policy database structure. */ @@ -321,8 +323,10 @@ static int policydb_init(struct policydb *p) out: hashtab_destroy(p->filename_trans); hashtab_destroy(p->range_tr); - for (i = 0; i < SYM_NUM; i++) + for (i = 0; i < SYM_NUM; i++) { + hashtab_map(p->symtab[i].table, destroy_f[i], NULL); hashtab_destroy(p->symtab[i].table); + } return rc; }