svn commit: r238698 - stable/8/sys/security/mac
Robert Watson
rwatson at FreeBSD.org
Sun Jul 22 16:56:59 UTC 2012
Author: rwatson
Date: Sun Jul 22 16:56:59 2012
New Revision: 238698
URL: http://svn.freebsd.org/changeset/base/238698
Log:
Merge r234032 from head to stable/8:
When allocation of labels on files is implicitly disabled due to MAC
policy configuration, avoid leaking resources following failed calls
to get and set MAC labels by file descriptor.
Reported by: Mateusz Guzik <mjguzik at gmail.com> + clang scan-build
Modified:
stable/8/sys/security/mac/mac_syscalls.c
Directory Properties:
stable/8/sys/ (props changed)
Modified: stable/8/sys/security/mac/mac_syscalls.c
==============================================================================
--- stable/8/sys/security/mac/mac_syscalls.c Sun Jul 22 15:40:31 2012 (r238697)
+++ stable/8/sys/security/mac/mac_syscalls.c Sun Jul 22 16:56:59 2012 (r238698)
@@ -252,8 +252,10 @@ __mac_get_fd(struct thread *td, struct _
switch (fp->f_type) {
case DTYPE_FIFO:
case DTYPE_VNODE:
- if (!(mac_labeled & MPC_OBJECT_VNODE))
- return (EINVAL);
+ if (!(mac_labeled & MPC_OBJECT_VNODE)) {
+ error = EINVAL;
+ goto out_fdrop;
+ }
vp = fp->f_vnode;
intlabel = mac_vnode_label_alloc();
vfslocked = VFS_LOCK_GIANT(vp->v_mount);
@@ -267,8 +269,10 @@ __mac_get_fd(struct thread *td, struct _
break;
case DTYPE_PIPE:
- if (!(mac_labeled & MPC_OBJECT_PIPE))
- return (EINVAL);
+ if (!(mac_labeled & MPC_OBJECT_PIPE)) {
+ error = EINVAL;
+ goto out_fdrop;
+ }
pipe = fp->f_data;
intlabel = mac_pipe_label_alloc();
PIPE_LOCK(pipe);
@@ -280,8 +284,10 @@ __mac_get_fd(struct thread *td, struct _
break;
case DTYPE_SOCKET:
- if (!(mac_labeled & MPC_OBJECT_SOCKET))
- return (EINVAL);
+ if (!(mac_labeled & MPC_OBJECT_SOCKET)) {
+ error = EINVAL;
+ goto out_fdrop;
+ }
so = fp->f_data;
intlabel = mac_socket_label_alloc(M_WAITOK);
SOCK_LOCK(so);
@@ -295,10 +301,10 @@ __mac_get_fd(struct thread *td, struct _
default:
error = EINVAL;
}
- fdrop(fp, td);
if (error == 0)
error = copyout(buffer, mac.m_string, strlen(buffer)+1);
-
+out_fdrop:
+ fdrop(fp, td);
out:
free(buffer, M_MACTEMP);
free(elements, M_MACTEMP);
@@ -446,8 +452,10 @@ __mac_set_fd(struct thread *td, struct _
switch (fp->f_type) {
case DTYPE_FIFO:
case DTYPE_VNODE:
- if (!(mac_labeled & MPC_OBJECT_VNODE))
- return (EINVAL);
+ if (!(mac_labeled & MPC_OBJECT_VNODE)) {
+ error = EINVAL;
+ goto out_fdrop;
+ }
intlabel = mac_vnode_label_alloc();
error = mac_vnode_internalize_label(intlabel, buffer);
if (error) {
@@ -471,8 +479,10 @@ __mac_set_fd(struct thread *td, struct _
break;
case DTYPE_PIPE:
- if (!(mac_labeled & MPC_OBJECT_PIPE))
- return (EINVAL);
+ if (!(mac_labeled & MPC_OBJECT_PIPE)) {
+ error = EINVAL;
+ goto out_fdrop;
+ }
intlabel = mac_pipe_label_alloc();
error = mac_pipe_internalize_label(intlabel, buffer);
if (error == 0) {
@@ -486,8 +496,10 @@ __mac_set_fd(struct thread *td, struct _
break;
case DTYPE_SOCKET:
- if (!(mac_labeled & MPC_OBJECT_SOCKET))
- return (EINVAL);
+ if (!(mac_labeled & MPC_OBJECT_SOCKET)) {
+ error = EINVAL;
+ goto out_fdrop;
+ }
intlabel = mac_socket_label_alloc(M_WAITOK);
error = mac_socket_internalize_label(intlabel, buffer);
if (error == 0) {
@@ -501,6 +513,7 @@ __mac_set_fd(struct thread *td, struct _
default:
error = EINVAL;
}
+out_fdrop:
fdrop(fp, td);
out:
free(buffer, M_MACTEMP);
More information about the svn-src-stable-8
mailing list