• Casey Schaufler's avatar
    lsm: fix smack_inode_removexattr and xattr_getsecurity memleak · dd1f96a0
    Casey Schaufler authored
    commit 57e7ba04 upstream.
    
    security_inode_getsecurity() provides the text string value
    of a security attribute. It does not provide a "secctx".
    The code in xattr_getsecurity() that calls security_inode_getsecurity()
    and then calls security_release_secctx() happened to work because
    SElinux and Smack treat the attribute and the secctx the same way.
    It fails for cap_inode_getsecurity(), because that module has no
    secctx that ever needs releasing. It turns out that Smack is the
    one that's doing things wrong by not allocating memory when instructed
    to do so by the "alloc" parameter.
    
    The fix is simple enough. Change the security_release_secctx() to
    kfree() because it isn't a secctx being returned by
    security_inode_getsecurity(). Change Smack to allocate the string when
    told to do so.
    
    Note: this also fixes memory leaks for LSMs which implement
    inode_getsecurity but not release_secctx, such as capabilities.
    Signed-off-by: default avatarCasey Schaufler <casey@schaufler-ca.com>
    Reported-by: default avatarKonstantin Khlebnikov <khlebnikov@yandex-team.ru>
    Signed-off-by: default avatarJames Morris <james.l.morris@oracle.com>
    Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
    dd1f96a0
smack_lsm.c 115 KB