From 5f8ac64b15172c7ced7d7990eb28342092bc751b Mon Sep 17 00:00:00 2001 From: Trent Jaeger Date: Fri, 6 Jan 2006 13:22:39 -0800 Subject: [LSM-IPSec]: Corrections to LSM-IPSec Nethooks This patch contains two corrections to the LSM-IPsec Nethooks patches previously applied. (1) free a security context on a failed insert via xfrm_user interface in xfrm_add_policy. Memory leak. (2) change the authorization of the allocation of a security context in a xfrm_policy or xfrm_state from both relabelfrom and relabelto to setcontext. Signed-off-by: Trent Jaeger Signed-off-by: David S. Miller --- net/xfrm/xfrm_user.c | 1 + 1 file changed, 1 insertion(+) (limited to 'net/xfrm') diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c index 92e2b804c60..ac87a09ba83 100644 --- a/net/xfrm/xfrm_user.c +++ b/net/xfrm/xfrm_user.c @@ -802,6 +802,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY; err = xfrm_policy_insert(p->dir, xp, excl); if (err) { + security_xfrm_policy_free(xp); kfree(xp); return err; } -- cgit v1.2.3-70-g09d2