svn commit: r234032 - head/sys/security/mac
Robert Watson
rwatson at FreeBSD.org
Sun Apr 8 11:01:49 UTC 2012
Author: rwatson
Date: Sun Apr 8 11:01:49 2012
New Revision: 234032
URL: http://svn.freebsd.org/changeset/base/234032
Log:
When allocation of labels on files is implicitly disabled due to MAC
policy configuration, avoid leaking resources following failed calls
to get and set MAC labels by file descriptor.
Reported by: Mateusz Guzik <mjguzik at gmail.com> + clang scan-build
MFC after: 3 days
Modified:
head/sys/security/mac/mac_syscalls.c
Modified: head/sys/security/mac/mac_syscalls.c
==============================================================================
--- head/sys/security/mac/mac_syscalls.c Sun Apr 8 10:15:56 2012 (r234031)
+++ head/sys/security/mac/mac_syscalls.c Sun Apr 8 11:01:49 2012 (r234032)
@@ -256,8 +256,10 @@ sys___mac_get_fd(struct thread *td, stru
switch (fp->f_type) {
case DTYPE_FIFO:
case DTYPE_VNODE:
- if (!(mac_labeled & MPC_OBJECT_VNODE))
- return (EINVAL);
+ if (!(mac_labeled & MPC_OBJECT_VNODE)) {
+ error = EINVAL;
+ goto out_fdrop;
+ }
vp = fp->f_vnode;
intlabel = mac_vnode_label_alloc();
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
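Review bot: The three per-type checks in sys___mac_get_fd now repeat the same four-line block — test a `mac_labeled` bit, set `error = EINVAL`, `goto out_fdrop` — and the @@ -271 and @@ -284 hunks here plus the @@ -450, @@ -475 and @@ -490 hunks of sys___mac_set_fd copy it five more times. A small static predicate mapping `fp->f_type` to its MPC_OBJECT_* bit would let each syscall do the check once, right after `fget()` succeeds and before the `switch`, so the EINVAL exit is written in one place per function. The `default:` case already yields EINVAL for unknown file types, so testing before the switch gives the same result, assuming nothing between `fget()` and the `switch` depends on the type (that stretch is outside the hunk). sys___mac_get_fd begins before this hunk and continues past it.
```c
/*
 * Non-zero when MAC policy configuration labels objects of fp's type,
 * so one check can replace the per-case tests in the get/set syscalls.
 */
static int
mac_fd_labeled(struct file *fp)
{

	switch (fp->f_type) {
	case DTYPE_FIFO:
	case DTYPE_VNODE:
		return ((mac_labeled & MPC_OBJECT_VNODE) != 0);
	case DTYPE_PIPE:
		return ((mac_labeled & MPC_OBJECT_PIPE) != 0);
	case DTYPE_SOCKET:
		return ((mac_labeled & MPC_OBJECT_SOCKET) != 0);
	default:
		return (0);
	}
}

	/* … in sys___mac_get_fd, once fget() has succeeded … */
	if (!mac_fd_labeled(fp)) {
		error = EINVAL;
		goto out_fdrop;
	}
	switch (fp->f_type) {
	/* … unchanged: per-type label externalization, minus the removed checks … */
```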
@@ -271,8 +273,10 @@ sys___mac_get_fd(struct thread *td, stru
break;
case DTYPE_PIPE:
- if (!(mac_labeled & MPC_OBJECT_PIPE))
- return (EINVAL);
+ if (!(mac_labeled & MPC_OBJECT_PIPE)) {
+ error = EINVAL;
+ goto out_fdrop;
+ }
pipe = fp->f_data;
intlabel = mac_pipe_label_alloc();
PIPE_LOCK(pipe);
@@ -284,8 +288,10 @@ sys___mac_get_fd(struct thread *td, stru
break;
case DTYPE_SOCKET:
- if (!(mac_labeled & MPC_OBJECT_SOCKET))
- return (EINVAL);
+ if (!(mac_labeled & MPC_OBJECT_SOCKET)) {
+ error = EINVAL;
+ goto out_fdrop;
+ }
so = fp->f_data;
intlabel = mac_socket_label_alloc(M_WAITOK);
SOCK_LOCK(so);
@@ -299,10 +305,10 @@ sys___mac_get_fd(struct thread *td, stru
default:
error = EINVAL;
}
- fdrop(fp, td);
if (error == 0)
error = copyout(buffer, mac.m_string, strlen(buffer)+1);
-
+out_fdrop:
+ fdrop(fp, td);
out:
free(buffer, M_MACTEMP);
free(elements, M_MACTEMP);
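Review bot: The new `out_fdrop:` label in sys___mac_get_fd carries no comment saying why the per-type EINVAL paths jump to it rather than returning, which is the whole point of the fix; a one-liner above it such as `/* Every exit after fget() must drop fp, then free buffer and elements. */` would keep the next editor from reintroducing a bare `return`. The hunk also moves `fdrop()` from before the `copyout()` to after it, so the file reference is now held across a copy to userspace that may fault or sleep; no lock is visible here, so this looks harmless, but it is a behavior change beyond the leak fix and deserves a word in the log. The same comment belongs on the matching `out_fdrop:` label in the @@ -505 hunk of sys___mac_set_fd. Both functions continue outside their hunks.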
@@ -450,8 +456,10 @@ sys___mac_set_fd(struct thread *td, stru
switch (fp->f_type) {
case DTYPE_FIFO:
case DTYPE_VNODE:
- if (!(mac_labeled & MPC_OBJECT_VNODE))
- return (EINVAL);
+ if (!(mac_labeled & MPC_OBJECT_VNODE)) {
+ error = EINVAL;
+ goto out_fdrop;
+ }
intlabel = mac_vnode_label_alloc();
error = mac_vnode_internalize_label(intlabel, buffer);
if (error) {
@@ -475,8 +483,10 @@ sys___mac_set_fd(struct thread *td, stru
break;
case DTYPE_PIPE:
- if (!(mac_labeled & MPC_OBJECT_PIPE))
- return (EINVAL);
+ if (!(mac_labeled & MPC_OBJECT_PIPE)) {
+ error = EINVAL;
+ goto out_fdrop;
+ }
intlabel = mac_pipe_label_alloc();
error = mac_pipe_internalize_label(intlabel, buffer);
if (error == 0) {
@@ -490,8 +500,10 @@ sys___mac_set_fd(struct thread *td, stru
break;
case DTYPE_SOCKET:
- if (!(mac_labeled & MPC_OBJECT_SOCKET))
- return (EINVAL);
+ if (!(mac_labeled & MPC_OBJECT_SOCKET)) {
+ error = EINVAL;
+ goto out_fdrop;
+ }
intlabel = mac_socket_label_alloc(M_WAITOK);
error = mac_socket_internalize_label(intlabel, buffer);
if (error == 0) {
@@ -505,6 +517,7 @@ sys___mac_set_fd(struct thread *td, stru
default:
error = EINVAL;
}
+out_fdrop:
fdrop(fp, td);
out:
free(buffer, M_MACTEMP);