• David Howells's avatar
    CRED: Fix double free in prepare_usermodehelper_creds() error handling · eff30363
    David Howells authored
    Patch 570b8fb5:
    
    	Author: Mathieu Desnoyers <mathieu.desnoyers@efficios.com>
    	Date:   Tue Mar 30 00:04:00 2010 +0100
    	Subject: CRED: Fix memory leak in error handling
    
    attempts to fix a memory leak in the error handling by making the offending
    return statement into a jump down to the bottom of the function where a
    kfree(tgcred) is inserted.
    
    This is, however, incorrect, as it does a kfree() after doing put_cred() if
    security_prepare_creds() fails.  That will result in a double free if 'error'
    is jumped to as put_cred() will also attempt to free the new tgcred record by
    virtue of it being pointed to by the new cred record.
    Signed-off-by: default avatarDavid Howells <dhowells@redhat.com>
    Signed-off-by: default avatarJames Morris <jmorris@namei.org>
    eff30363
cred.c 22.4 KB