BACKPORT: SMACK: Fix the memory leak in smack_cred_prepare() hook

Memory leak in smack_cred_prepare()function.
smack_cred_prepare() hook returns error if there is error in allocating
memory in smk_copy_rules() or smk_copy_relabel() function.
If smack_cred_prepare() function returns error then the calling
function should call smack_cred_free() function for cleanup.
In smack_cred_free() function first credential is  extracted and
then all rules are deleted. In smack_cred_prepare() function security
field is assigned in the end when all function return success. But this
function may return before and memory will not be freed.

Signed-off-by: Himanshu Shukla <himanshu.sh@samsung.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
(cherry-picked from upstream b437aba85b5c4689543409d8407c016749231aae)

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index d3ab2b63d485adc19397abf33fc11f3949f46769..a966c558331d39cde5a3764c8490f8e7afed26cd 100644 (file)
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -2000,6 +2000,8 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old,
        if (new_tsp == NULL)
                return -ENOMEM;
 
+       new->security = new_tsp;
+
        rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
        if (rc != 0)
                return rc;
@@ -2009,7 +2011,6 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old,
        if (rc != 0)
                return rc;
 
-       new->security = new_tsp;
        return 0;
 }