From: Zhen Lei <thunder.leizhen@huawei.com>
Date: Tue, 6 Aug 2024 06:51:13 +0000 (+0800)
Subject: selinux: fix potential counting error in avc_add_xperms_decision()
X-Git-Tag: v6.11-rc4~39^2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=379d9af3f3da2da1bbfa67baf1820c72a080d1f1;p=thirdparty%2Fkernel%2Flinux.git

selinux: fix potential counting error in avc_add_xperms_decision()

The count increases only when a node is successfully added to
the linked list.

Cc: stable@vger.kernel.org
Fixes: fa1aa143ac4a ("selinux: extended permissions for ioctls")
Signed-off-by: Zhen Lei <thunder.leizhen@huawei.com>
Acked-by: Stephen Smalley <stephen.smalley.work@gmail.com>
Signed-off-by: Paul Moore <paul@paul-moore.com>
---

diff --git a/security/selinux/avc.c b/security/selinux/avc.c
index 32eb67fb3e42c..7087cd2b802d8 100644
--- a/security/selinux/avc.c
+++ b/security/selinux/avc.c
@@ -330,12 +330,12 @@ static int avc_add_xperms_decision(struct avc_node *node,
 {
 	struct avc_xperms_decision_node *dest_xpd;
 
-	node->ae.xp_node->xp.len++;
 	dest_xpd = avc_xperms_decision_alloc(src->used);
 	if (!dest_xpd)
 		return -ENOMEM;
 	avc_copy_xperms_decision(&dest_xpd->xpd, src);
 	list_add(&dest_xpd->xpd_list, &node->ae.xp_node->xpd_head);
+	node->ae.xp_node->xp.len++;
 	return 0;
 }