SELinux: Bug fix in polidydb_destroy
This patch fixes two bugs in policydb_destroy. Two list pointers (policydb.ocontexts[i] and policydb.genfs) were not being reset to NULL when the lists they pointed to were being freed. This caused a problem when the initial policy load failed, as the policydb being destroyed was not a temporary new policydb that was thrown away, but rather was the global (active) policydb. Consequently, later functions, particularly sys_bind->selinux_socket_bind->security_node_sid and do_rw_proc->selinux_sysctl->selinux_proc_get_sid->security_genfs_sid tried to dereference memory that had previously been freed. Signed-off-by: Chad Sellers <csellers@tresys.com> Signed-off-by: James Morris <jmorris@namei.org>
This commit is contained in:
parent
3bccfbc7a7
commit
6e8c751e07
|
@ -618,6 +618,7 @@ void policydb_destroy(struct policydb *p)
|
|||
c = c->next;
|
||||
ocontext_destroy(ctmp,i);
|
||||
}
|
||||
p->ocontexts[i] = NULL;
|
||||
}
|
||||
|
||||
g = p->genfs;
|
||||
|
@ -633,6 +634,7 @@ void policydb_destroy(struct policydb *p)
|
|||
g = g->next;
|
||||
kfree(gtmp);
|
||||
}
|
||||
p->genfs = NULL;
|
||||
|
||||
cond_policydb_destroy(p);
|
||||
|
||||
|
|
Loading…
Reference in New Issue