Merge tag 'selinux-pr-20200416' of git://git.kernel.org/pub/scm/linux/kernel/git...

Pull SELinux fix from Paul Moore:
 "One small SELinux fix to ensure we cleanup properly on an error
  condition"

* tag 'selinux-pr-20200416' of git://git.kernel.org/pub/scm/linux/kernel/git/pcmoore/selinux:
  selinux: free str on error in str_read()

diff --git a/security/selinux/ss/policydb.c b/security/selinux/ss/policydb.c
index 70ecdc78efbd9f148d5a6744f4981ded87e5aac3..c21b922e5ebec1c851c74c22d43e17c39ff0c4e8 100644 (file)
--- a/security/selinux/ss/policydb.c
+++ b/security/selinux/ss/policydb.c
@@ -1035,14 +1035,14 @@ static int str_read(char **strp, gfp_t flags, void *fp, u32 len)
        if (!str)
                return -ENOMEM;
 
-       /* it's expected the caller should free the str */
-       *strp = str;
-
        rc = next_entry(str, fp, len);
-       if (rc)
+       if (rc) {
+               kfree(str);
                return rc;
+       }
 
        str[len] = '\0';
+       *strp = str;
        return 0;
 }