git.ipfire.org Git - thirdparty/linux.git/commitdiff
apparmor: aa_getprocattr free procattr leak on format failure
author Zygmunt Krynicki <me@zygoon.pl>
Sat, 2 May 2026 11:37:14 +0000 (13:37 +0200)
committer John Johansen <john.johansen@canonical.com>
Sun, 14 Jun 2026 03:18:30 +0000 (20:18 -0700)
aa_getprocattr() allocates the output string before rendering the label
into it. If the second aa_label_snxprint() call fails, the function
returned without freeing that allocation.

Free and clear the output pointer on the uncommon formatting failure path
before dropping the namespace reference.

Fixes: 76a1d263aba3 ("apparmor: switch getprocattr to using label_print fns()")
Reviewed-by: Tyler Hicks <code@thicks.com>
Reviewed-by: Ryan Lee <ryan.lee@canonical.com>
Signed-off-by: Zygmunt Krynicki <me@zygoon.pl>
Signed-off-by: John Johansen <john.johansen@canonical.com>
security/apparmor/procattr.c

index ce40f15d4952d6e859ef6ed05167c33461448b8b..c07b6e8fd9c93c73ea82361af83337774e6d1bdf 100644 (file)
@@ -54,6 +54,8 @@ int aa_getprocattr(struct aa_label *label, char **string, bool newline)
                                FLAG_SHOW_MODE | FLAG_VIEW_SUBNS |
                                FLAG_HIDDEN_UNCONFINED);
        if (len < 0) {
+               kfree(*string);
+               *string = NULL;
                aa_put_ns(current_ns);
                return len;
        }
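
Review bot: In the "if (len < 0)" branch, "*string = NULL" changes what callers observe on failure, but nothing in the visible lines documents that contract. The function comment for aa_getprocattr() should state that *string is freed and set to NULL on a negative return, so callers neither free it again nor read it. The cleanup on this path is now kfree, NULL assignment, aa_put_ns, return; if the function has any other error exit after the allocation, check that it does the same, or fold them into one shared exit label so the paths cannot drift apart.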