selinux: fix a possible memory leak in cond_read_node()

The cond_read_node() should free the given node on error path as it's not linked to p->cond_list yet. This is done via cond_node_destroy() but it's not called when next_entry() fails before the expr loop. Signed-off-by: Namhyung Kim <[email protected]> Signed-off-by: Paul Moore <[email protected]> Signed-off-by: franciscofranco <[email protected]>
DerRomtester · Sep 21, 2016 · f385633 · f385633
1 parent 6d43ba6
commit f385633
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
@@ -405,7 +405,7 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
 
 	rc = next_entry(buf, fp, sizeof(u32) * 2);
 	if (rc)
-		return rc;
+		goto err;
 
 	node->cur_state = le32_to_cpu(buf[0]);