You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Casey Schaufler 88c195d638 lsm: fix smack_inode_removexattr and xattr_getsecurity memleak ... commit 57e7ba04d4 upstream. security_inode_getsecurity() provides the text string value of a security attribute. It does not provide a "secctx". The code in xattr_getsecurity() that calls security_inode_getsecurity() and then calls security_release_secctx() happened to work because SElinux and Smack treat the attribute and the secctx the same way. It fails for cap_inode_getsecurity(), because that module has no secctx that ever needs releasing. It turns out that Smack is the one that's doing things wrong by not allocating memory when instructed to do so by the "alloc" parameter. The fix is simple enough. Change the security_release_secctx() to kfree() because it isn't a secctx being returned by security_inode_getsecurity(). Change Smack to allocate the string when told to do so. Note: this also fixes memory leaks for LSMs which implement inode_getsecurity but not release_secctx, such as capabilities. Signed-off-by: Casey Schaufler <casey@schaufler-ca.com> Reported-by: Konstantin Khlebnikov <khlebnikov@yandex-team.ru> Signed-off-by: James Morris <james.l.morris@oracle.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>		6 years ago
..
Kconfig	Smack: Signal delivery as an append operation	7 years ago
Makefile	Smack: Repair netfilter dependency	8 years ago
smack.h	Smack: Signal delivery as an append operation	7 years ago
smack_access.c	vfs: make the string hashes salt the hash	7 years ago
smack_lsm.c	lsm: fix smack_inode_removexattr and xattr_getsecurity memleak	6 years ago
smack_netfilter.c	security: Use IS_ENABLED() instead of checking for built-in or module	7 years ago
smackfs.c	Smack: Use memdup_user() rather than duplicating its implementation	7 years ago