diff options
| author | David Howells <dhowells@redhat.com> | 2010-04-20 22:41:18 +0100 |
|---|---|---|
| committer | James Morris <jmorris@namei.org> | 2010-04-21 09:20:35 +1000 |
| commit | eff30363c0b8b057f773108589bfd8881659fe74 (patch) | |
| tree | 6ae631c2fa01174a24da347b68fc25f0c350bc2b /security/inode.c | |
| parent | 05ce7bfe547c9fa967d9cab6c37867a9cb6fb3fa (diff) | |
CRED: Fix double free in prepare_usermodehelper_creds() error handling
Patch 570b8fb505896e007fd3bb07573ba6640e51851d:
Author: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
Date: Tue Mar 30 00:04:00 2010 +0100
Subject: CRED: Fix memory leak in error handling
attempts to fix a memory leak in the error handling by making the offending
return statement into a jump down to the bottom of the function where a
kfree(tgcred) is inserted.
This is, however, incorrect, as it does a kfree() after doing put_cred() if
security_prepare_creds() fails. That will result in a double free if 'error'
is jumped to as put_cred() will also attempt to free the new tgcred record by
virtue of it being pointed to by the new cred record.
Signed-off-by: David Howells <dhowells@redhat.com>
Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/inode.c')
0 files changed, 0 insertions, 0 deletions