Bug 336801 - memory leak in audit_receive_msg in AUDIT_MAKE_EQUIV:
Status: CLOSED DUPLICATE of bug 335731
Alias: None
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: kernel
Version: 5.0
Hardware: All
OS: Linux
Priority: low
Severity: low
Assignee: Eric Paris
QA Contact: Martin Jenner
Reported: 2007-10-17 22:14 UTC by Eric Paris
Modified: 2007-11-30 22:07 UTC (History)
Doc Type: Bug Fix
Last Closed: 2007-10-18 14:58:23 UTC

Description Eric Paris 2007-10-17 22:14:58 UTC
Description of problem:

                ab = audit_log_start(NULL, GFP_KERNEL, AUDIT_CONFIG_CHANGE);
                if (!ab)
                        break;
                audit_log_format(ab, "auid=%u", loginuid);
                if (sid) {
                        u32 len;
                        ctx = NULL;
                        if (selinux_ctxid_to_string(sid, &ctx, &len))
                                audit_log_format(ab, " ssid=%u", sid);
                        else
                                audit_log_format(ab, " subj=%s", ctx);
                        kfree(ctx);
                }
                audit_log_format(ab, " op=make_equiv old=");
                audit_log_untrustedstring(ab, old);
                audit_log_format(ab, " new=");
                audit_log_untrustedstring(ab, new);
                audit_log_format(ab, " res=%d", !err);
                audit_log_end(ab);
                kfree(old);
                kfree(new);

If ab is null for any reason we are going to leak old and new.

Comment 1 Eric Paris 2007-10-17 22:16:21 UTC
Easy enough to fix.  Either drop the if (!ab) check altogether since everything
can handle null just fine, or wrap all of the audit_log_ stuff in an if (ab) so we
always call the kfrees.
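
A userspace model of the leak and of the second fix suggested in comment 1, added here as an illustration; it is not the kernel code or the patch submitted for 335731. The helpers `track_dup`, `track_free`, `log_start` and both `make_equiv_*` functions are hypothetical stand-ins, and the path strings are constructed.

```c
/* Userspace model of the AUDIT_MAKE_EQUIV cleanup path; all helpers are stand-ins. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

static int live;                       /* tracked allocations not yet freed */

static char *track_dup(const char *s)  /* stands in for allocating old/new */
{
    char *p = malloc(strlen(s) + 1);
    if (!p)
        abort();
    live++;
    return strcpy(p, s);
}
static void track_free(char *p) { if (p) { free(p); live--; } }

struct audit_buffer { char text[128]; };

/* Stands in for audit_log_start(); returns NULL when asked to fail. */
static struct audit_buffer *log_start(int fail)
{
    return fail ? NULL : calloc(1, sizeof(struct audit_buffer));
}

/* Pattern from the report: bailing out on !ab skips both frees.
 * Returns the number of allocations this call leaked. */
int make_equiv_leaky(int fail)
{
    int before = live;
    char *oldp = track_dup("/constructed/old"), *newp = track_dup("/constructed/new");
    struct audit_buffer *ab = log_start(fail);
    if (!ab)
        return live - before;          /* models the "break": oldp and newp stay allocated */
    snprintf(ab->text, sizeof(ab->text), "op=make_equiv old=%s new=%s", oldp, newp);
    free(ab);                          /* models audit_log_end() */
    track_free(oldp);
    track_free(newp);
    return live - before;
}

/* Second fix from comment 1: log only if (ab), always reach the frees. */
int make_equiv_fixed(int fail)
{
    int before = live;
    char *oldp = track_dup("/constructed/old"), *newp = track_dup("/constructed/new");
    struct audit_buffer *ab = log_start(fail);
    if (ab) {
        snprintf(ab->text, sizeof(ab->text), "op=make_equiv old=%s new=%s", oldp, newp);
        free(ab);
    }
    track_free(oldp);
    track_free(newp);
    return live - before;
}
```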

Comment 2 Eric Paris 2007-10-18 14:58:23 UTC
Submitted fix for this as part of patch for 335731.

*** This bug has been marked as a duplicate of 335731 ***

