]> git.ipfire.org Git - thirdparty/linux.git/commitdiff
apparmor: put secmark label after secid lookup
authorZygmunt Krynicki <me@zygoon.pl>
Tue, 5 May 2026 03:40:53 +0000 (05:40 +0200)
committerJohn Johansen <john.johansen@canonical.com>
Sun, 14 Jun 2026 03:18:30 +0000 (20:18 -0700)
apparmor_secmark_init() parses a configured secmark label to obtain its
secid.  aa_label_strn_parse() returns a refcounted label, but the success
path kept that reference after copying the secid.

Fixes: ab9f2115081a ("apparmor: Allow filtering based on secmark policy")
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/net.c

index 44c04102062f3d50317b5f9ce20f7441abdbbd83..df9cb7c00cac8b6c72cdb13d4eb86adb248fbcfc 100644 (file)
@@ -354,6 +354,7 @@ static int apparmor_secmark_init(struct aa_secmark *secmark)
                return PTR_ERR(label);
 
        secmark->secid = label->secid;
+       aa_put_label(label);
 
        return 0;
 }