summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDan Carpenter <error27@gmail.com>2010-03-13 14:14:22 +0300
committerJames Morris <jmorris@namei.org>2010-03-15 07:51:29 +1100
commit181427a7e01beab76c789414334375839f026128 (patch)
tree3a50a93331b536b80d9c393a034489c9678d8a13
parentbca14dd14f3b0c5e3e2d1d314679f85b67871365 (diff)
downloadkernel-crypto-181427a7e01beab76c789414334375839f026128.tar.gz
kernel-crypto-181427a7e01beab76c789414334375839f026128.tar.xz
kernel-crypto-181427a7e01beab76c789414334375839f026128.zip
tomoyo: fix potential use after free
The original code returns a freed pointer. This function is expected to return NULL on errors. Signed-off-by: Dan Carpenter <error27@gmail.com> Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp> Signed-off-by: James Morris <jmorris@namei.org>
-rw-r--r--security/tomoyo/common.c1
1 files changed, 1 insertions, 0 deletions
diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c
index ff51f1026b5..ef89947a774 100644
--- a/security/tomoyo/common.c
+++ b/security/tomoyo/common.c
@@ -886,6 +886,7 @@ static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
ptr = kmalloc(sizeof(*ptr), GFP_KERNEL);
if (!tomoyo_memory_ok(ptr)) {
kfree(ptr);
+ ptr = NULL;
goto ok;
}
for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++)