tomoyo: fix potential use after free
authorDan Carpenter <error27@gmail.com>
Sat, 13 Mar 2010 11:14:22 +0000 (14:14 +0300)
committerJames Morris <jmorris@namei.org>
Sun, 14 Mar 2010 20:51:29 +0000 (07:51 +1100)
The original code returns a freed pointer.  This function is expected to
return NULL on errors.

Signed-off-by: Dan Carpenter <error27@gmail.com>
Acked-by: Tetsuo Handa <penguin-kernel@I-love.SAKURA.ne.jp>
Signed-off-by: James Morris <jmorris@namei.org>
security/tomoyo/common.c

index ff51f1026b576af78b0ba5138bd8404822a6a130..ef89947a774bbf419aadc0ba6b942985b75b5b50 100644 (file)
@@ -886,6 +886,7 @@ static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned
        ptr = kmalloc(sizeof(*ptr), GFP_KERNEL);
        if (!tomoyo_memory_ok(ptr)) {
                kfree(ptr);
+               ptr = NULL;
                goto ok;
        }
        for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++)