Date: Sun, 8 Apr 2012 11:01:49 +0000 (UTC) From: Robert Watson <rwatson@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r234032 - head/sys/security/mac Message-ID: <201204081101.q38B1nhN008905@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rwatson Date: Sun Apr 8 11:01:49 2012 New Revision: 234032 URL: http://svn.freebsd.org/changeset/base/234032 Log: When allocation of labels on files is implicitly disabled due to MAC policy configuration, avoid leaking resources following failed calls to get and set MAC labels by file descriptor. Reported by: Mateusz Guzik <mjguzik at gmail.com> + clang scan-build MFC after: 3 days Modified: head/sys/security/mac/mac_syscalls.c Modified: head/sys/security/mac/mac_syscalls.c ============================================================================== --- head/sys/security/mac/mac_syscalls.c Sun Apr 8 10:15:56 2012 (r234031) +++ head/sys/security/mac/mac_syscalls.c Sun Apr 8 11:01:49 2012 (r234032) @@ -256,8 +256,10 @@ sys___mac_get_fd(struct thread *td, stru switch (fp->f_type) { case DTYPE_FIFO: case DTYPE_VNODE: - if (!(mac_labeled & MPC_OBJECT_VNODE)) - return (EINVAL); + if (!(mac_labeled & MPC_OBJECT_VNODE)) { + error = EINVAL; + goto out_fdrop; + } vp = fp->f_vnode; intlabel = mac_vnode_label_alloc(); vfslocked = VFS_LOCK_GIANT(vp->v_mount); @@ -271,8 +273,10 @@ sys___mac_get_fd(struct thread *td, stru break; case DTYPE_PIPE: - if (!(mac_labeled & MPC_OBJECT_PIPE)) - return (EINVAL); + if (!(mac_labeled & MPC_OBJECT_PIPE)) { + error = EINVAL; + goto out_fdrop; + } pipe = fp->f_data; intlabel = mac_pipe_label_alloc(); PIPE_LOCK(pipe); @@ -284,8 +288,10 @@ sys___mac_get_fd(struct thread *td, stru break; case DTYPE_SOCKET: - if (!(mac_labeled & MPC_OBJECT_SOCKET)) - return (EINVAL); + if (!(mac_labeled & MPC_OBJECT_SOCKET)) { + error = EINVAL; + goto out_fdrop; + } so = fp->f_data; intlabel = mac_socket_label_alloc(M_WAITOK); SOCK_LOCK(so); @@ -299,10 +305,10 @@ sys___mac_get_fd(struct thread *td, stru default: error = EINVAL; } - fdrop(fp, td); if (error == 0) error = copyout(buffer, mac.m_string, strlen(buffer)+1); - +out_fdrop: + fdrop(fp, td); out: free(buffer, M_MACTEMP); free(elements, M_MACTEMP); @@ -450,8 +456,10 @@ sys___mac_set_fd(struct thread *td, stru switch (fp->f_type) { case DTYPE_FIFO: case DTYPE_VNODE: - if (!(mac_labeled & MPC_OBJECT_VNODE)) - return (EINVAL); + if (!(mac_labeled & MPC_OBJECT_VNODE)) { + error = EINVAL; + goto out_fdrop; + } intlabel = mac_vnode_label_alloc(); error = mac_vnode_internalize_label(intlabel, buffer); if (error) { @@ -475,8 +483,10 @@ sys___mac_set_fd(struct thread *td, stru break; case DTYPE_PIPE: - if (!(mac_labeled & MPC_OBJECT_PIPE)) - return (EINVAL); + if (!(mac_labeled & MPC_OBJECT_PIPE)) { + error = EINVAL; + goto out_fdrop; + } intlabel = mac_pipe_label_alloc(); error = mac_pipe_internalize_label(intlabel, buffer); if (error == 0) { @@ -490,8 +500,10 @@ sys___mac_set_fd(struct thread *td, stru break; case DTYPE_SOCKET: - if (!(mac_labeled & MPC_OBJECT_SOCKET)) - return (EINVAL); + if (!(mac_labeled & MPC_OBJECT_SOCKET)) { + error = EINVAL; + goto out_fdrop; + } intlabel = mac_socket_label_alloc(M_WAITOK); error = mac_socket_internalize_label(intlabel, buffer); if (error == 0) { @@ -505,6 +517,7 @@ sys___mac_set_fd(struct thread *td, stru default: error = EINVAL; } +out_fdrop: fdrop(fp, td); out: free(buffer, M_MACTEMP);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201204081101.q38B1nhN008905>