diff options
| author | Xiu Jianfeng <xiujianfeng@huawei.com> | 2022-10-28 20:33:20 +0800 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2022-12-31 13:14:22 +0100 |
| commit | 5f509fa740b17307f0cba412485072f632d5af36 (patch) | |
| tree | 41be5afc4e41ae044e5732bc448d9a471daeb976 /security | |
| parent | 46f3cb83e4805a41c5c2b8cd6e7ca949db7dbca2 (diff) | |
| download | linux-5f509fa740b17307f0cba412485072f632d5af36.tar.gz linux-5f509fa740b17307f0cba412485072f632d5af36.tar.bz2 linux-5f509fa740b17307f0cba412485072f632d5af36.zip | |
apparmor: Fix memleak in alloc_ns()
[ Upstream commit e9e6fa49dbab6d84c676666f3fe7d360497fd65b ]
After changes in commit a1bd627b46d1 ("apparmor: share profile name on
replacement"), the hname member of struct aa_policy is not valid slab
object, but a subset of that, it can not be freed by kfree_sensitive(),
use aa_policy_destroy() to fix it.
Fixes: a1bd627b46d1 ("apparmor: share profile name on replacement")
Signed-off-by: Xiu Jianfeng <xiujianfeng@huawei.com>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
Diffstat (limited to 'security')
| -rw-r--r-- | security/apparmor/policy_ns.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/security/apparmor/policy_ns.c b/security/apparmor/policy_ns.c index 70921d95fb40..53d24cf63893 100644 --- a/security/apparmor/policy_ns.c +++ b/security/apparmor/policy_ns.c @@ -121,7 +121,7 @@ static struct aa_ns *alloc_ns(const char *prefix, const char *name) return ns; fail_unconfined: - kfree_sensitive(ns->base.hname); + aa_policy_destroy(&ns->base); fail_ns: kfree_sensitive(ns); return NULL; |