From: Zygmunt Krynicki Date: Sat, 2 May 2026 11:37:14 +0000 (+0200) Subject: apparmor: aa_getprocattr free procattr leak on format failure X-Git-Tag: v7.2-rc1~43^2~11 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=fea23bf73f0cae8ccb1d0684e4a3003874771f41;p=thirdparty%2Flinux.git apparmor: aa_getprocattr free procattr leak on format failure aa_getprocattr() allocates the output string before rendering the label into it. If the second aa_label_snxprint() call fails, the function returned without freeing that allocation. Free and clear the output pointer on the uncommon formatting failure path before dropping the namespace reference. Fixes: 76a1d263aba3 ("apparmor: switch getprocattr to using label_print fns()") Reviewed-by: Tyler Hicks Reviewed-by: Ryan Lee Signed-off-by: Zygmunt Krynicki Signed-off-by: John Johansen --- diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c index ce40f15d4952d..c07b6e8fd9c93 100644 --- a/security/apparmor/procattr.c +++ b/security/apparmor/procattr.c @@ -54,6 +54,8 @@ int aa_getprocattr(struct aa_label *label, char **string, bool newline) FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | FLAG_HIDDEN_UNCONFINED); if (len < 0) { + kfree(*string); + *string = NULL; aa_put_ns(current_ns); return len; }
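Review bot: the `if (len < 0)` branch now leaves the caller with `*string == NULL` and nothing to free on a negative return, but no comment in the visible lines states that contract. A one-line comment at this branch, or a sentence in the kernel-doc for aa_getprocattr(), would stop callers from adding their own kfree() on error and stop a later cleanup from dropping `*string = NULL;` as redundant. Freeing before `aa_put_ns(current_ns);` matches the commit message. If the function has other exits after the allocation, which this hunk does not show, a single error label doing the kfree, the NULL assignment and the aa_put_ns() would keep those paths from drifting apart again.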