diff options
| author | rwatson <rwatson@FreeBSD.org> | 2012-04-08 11:01:49 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2012-04-08 11:01:49 +0000 |
| commit | b08941230aae5011e4259468d90454de3bfc7a8b (patch) | |
| tree | acc7278b9342b482f9bcb42560da76c43b48f1cc /sys/security | |
| parent | e98d05b4f007c4c6849229bc6c5f1586d0207896 (diff) | |
| download | FreeBSD-src-b08941230aae5011e4259468d90454de3bfc7a8b.zip FreeBSD-src-b08941230aae5011e4259468d90454de3bfc7a8b.tar.gz | |
When allocation of labels on files is implicitly disabled due to MAC
policy configuration, avoid leaking resources following failed calls
to get and set MAC labels by file descriptor.
Reported by: Mateusz Guzik <mjguzik at gmail.com> + clang scan-build
MFC after: 3 days
Diffstat (limited to 'sys/security')
| -rw-r--r-- | sys/security/mac/mac_syscalls.c | 41 |
1 files changed, 27 insertions, 14 deletions
diff --git a/sys/security/mac/mac_syscalls.c b/sys/security/mac/mac_syscalls.c index 51392d7..a20938c 100644 --- a/sys/security/mac/mac_syscalls.c +++ b/sys/security/mac/mac_syscalls.c @@ -256,8 +256,10 @@ sys___mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap) switch (fp->f_type) { case DTYPE_FIFO: case DTYPE_VNODE: - if (!(mac_labeled & MPC_OBJECT_VNODE)) - return (EINVAL); + if (!(mac_labeled & MPC_OBJECT_VNODE)) { + error = EINVAL; + goto out_fdrop; + } vp = fp->f_vnode; intlabel = mac_vnode_label_alloc(); vfslocked = VFS_LOCK_GIANT(vp->v_mount); @@ -271,8 +273,10 @@ sys___mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap) break; case DTYPE_PIPE: - if (!(mac_labeled & MPC_OBJECT_PIPE)) - return (EINVAL); + if (!(mac_labeled & MPC_OBJECT_PIPE)) { + error = EINVAL; + goto out_fdrop; + } pipe = fp->f_data; intlabel = mac_pipe_label_alloc(); PIPE_LOCK(pipe); @@ -284,8 +288,10 @@ sys___mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap) break; case DTYPE_SOCKET: - if (!(mac_labeled & MPC_OBJECT_SOCKET)) - return (EINVAL); + if (!(mac_labeled & MPC_OBJECT_SOCKET)) { + error = EINVAL; + goto out_fdrop; + } so = fp->f_data; intlabel = mac_socket_label_alloc(M_WAITOK); SOCK_LOCK(so); @@ -299,10 +305,10 @@ sys___mac_get_fd(struct thread *td, struct __mac_get_fd_args *uap) default: error = EINVAL; } - fdrop(fp, td); if (error == 0) error = copyout(buffer, mac.m_string, strlen(buffer)+1); - +out_fdrop: + fdrop(fp, td); out: free(buffer, M_MACTEMP); free(elements, M_MACTEMP); @@ -450,8 +456,10 @@ sys___mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap) switch (fp->f_type) { case DTYPE_FIFO: case DTYPE_VNODE: - if (!(mac_labeled & MPC_OBJECT_VNODE)) - return (EINVAL); + if (!(mac_labeled & MPC_OBJECT_VNODE)) { + error = EINVAL; + goto out_fdrop; + } intlabel = mac_vnode_label_alloc(); error = mac_vnode_internalize_label(intlabel, buffer); if (error) { @@ -475,8 +483,10 @@ sys___mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap) break; case DTYPE_PIPE: - if (!(mac_labeled & MPC_OBJECT_PIPE)) - return (EINVAL); + if (!(mac_labeled & MPC_OBJECT_PIPE)) { + error = EINVAL; + goto out_fdrop; + } intlabel = mac_pipe_label_alloc(); error = mac_pipe_internalize_label(intlabel, buffer); if (error == 0) { @@ -490,8 +500,10 @@ sys___mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap) break; case DTYPE_SOCKET: - if (!(mac_labeled & MPC_OBJECT_SOCKET)) - return (EINVAL); + if (!(mac_labeled & MPC_OBJECT_SOCKET)) { + error = EINVAL; + goto out_fdrop; + } intlabel = mac_socket_label_alloc(M_WAITOK); error = mac_socket_internalize_label(intlabel, buffer); if (error == 0) { @@ -505,6 +517,7 @@ sys___mac_set_fd(struct thread *td, struct __mac_set_fd_args *uap) default: error = EINVAL; } +out_fdrop: fdrop(fp, td); out: free(buffer, M_MACTEMP); |
