[PATCH 01/11] AppArmor: Fix put of unassigned ns if aa_unpack fails
Andy Whitcroft
apw at canonical.com
Tue Apr 13 08:48:41 UTC 2010
On Tue, Apr 13, 2010 at 12:09:30AM -0700, john.johansen at canonical.com wrote:
> From: John Johansen <john.johansen at canonical.com>
>
> If the call to aa_unpack in aa_interface_replace_profiles fails, it jumps
> to the end of the function which performs a put_namespace on the unassigned
> ns variable.
>
> Signed-off-by: John Johansen <john.johansen at canonical.com>
> ---
> security/apparmor/policy.c | 2 +-
> 1 files changed, 1 insertions(+), 1 deletions(-)
>
> diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
> index a92ad82..61f0043 100644
> --- a/security/apparmor/policy.c
> +++ b/security/apparmor/policy.c
> @@ -904,7 +904,7 @@ ssize_t aa_interface_replace_profiles(void *udata, size_t size, bool add_only)
> struct aa_policy *policy;
> struct aa_profile *old_profile = NULL, *new_profile = NULL;
> struct aa_profile *rename_profile = NULL;
> - struct aa_namespace *ns;
> + struct aa_namespace *ns = NULL;
> ssize_t error;
> struct aa_audit_iface sa = {
> .base.operation = "profile_replace",
> --
Confirmed that aa_put_namespace will correctly handle NULL. Looks
reasonable to me.
Acked-by: Andy Whitcroft <apw at canonical.com>
-apw
More information about the kernel-team
mailing list