SELinux: Fix double free in selinux_netlbl_sock_setsid()

Upstream commit: e1770d97a730ff4c3aa1775d98f4d0558390607f

As pointed out by Adrian Bunk, commit
45c950e0f839fded922ebc0bfd59b1081cc71b70 ("fix memory leak in netlabel
code") caused a double-free when security_netlbl_sid_to_secattr()
fails.  This patch fixes this by removing the netlbl_secattr_destroy()
call from that function since we are already releasing the secattr
memory in selinux_netlbl_sock_setsid().

Signed-off-by: Paul Moore <paul.moore@hp.com>
Signed-off-by: David S. Miller <davem@davemloft.net>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index 4bf715d4cf29e2090ab2d7d97b346a5e4087f9dd..3a16abac40c4112c3e54d1495599a75443e79e55 100644 (file)
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -2629,7 +2629,6 @@ int security_netlbl_sid_to_secattr(u32 sid, struct netlbl_lsm_secattr *secattr)
 
 netlbl_sid_to_secattr_failure:
        POLICY_RDUNLOCK;
-       netlbl_secattr_destroy(secattr);
        return rc;
 }
 #endif /* CONFIG_NETLABEL */