Browse files

SELinux: if sel_make_bools errors don't leave inconsistent state

commit 154c50c upstream.

We reset the bool names and values array to NULL, but do not reset the
number of entries in these arrays to 0.  If we error out and then get back
into this function we will walk these NULL pointers based on the belief
that they are non-zero length.

Signed-off-by: Eric Paris <eparis@redhat.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
  • Loading branch information...
1 parent a3af3cf commit f41798196161e37579b3f7c3d3df54a01393500c @eparis eparis committed with bwhacks Apr 4, 2012
Showing with 1 addition and 0 deletions.
  1. +1 −0 security/selinux/selinuxfs.c
View
1 security/selinux/selinuxfs.c
@@ -1238,6 +1238,7 @@ static int sel_make_bools(void)
kfree(bool_pending_names[i]);
kfree(bool_pending_names);
kfree(bool_pending_values);
+ bool_num = 0;
bool_pending_names = NULL;
bool_pending_values = NULL;

0 comments on commit f417981

Please sign in to comment.