selinux: fix potential memleak in selinux_add_opt()

[ Upstream commit 2e08df3c7c4e4e74e3dd5104c100f0bf6288aaa8 ]

This patch try to fix potential memleak in error branch.

Fixes: ba6418623385 ("selinux: new helper - selinux_add_opt()")
Signed-off-by: Bernard Zhao <bernard@vivo.com>
[PM: tweak the subject line, add Fixes tag]
Signed-off-by: Paul Moore <paul@paul-moore.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 9309e62..baa12d1 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -987,18 +987,22 @@ out:
 static int selinux_add_opt(int token, const char *s, void **mnt_opts)
 {
        struct selinux_mnt_opts *opts = *mnt_opts;
+       bool is_alloc_opts = false;
 
        if (token == Opt_seclabel)      /* eaten and completely ignored */
                return 0;
 
+       if (!s)
+               return -ENOMEM;
+
        if (!opts) {
                opts = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL);
                if (!opts)
                        return -ENOMEM;
                *mnt_opts = opts;
+               is_alloc_opts = true;
        }
-       if (!s)
-               return -ENOMEM;
+
        switch (token) {
        case Opt_context:
                if (opts->context || opts->defcontext)
@@ -1023,6 +1027,10 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts)
        }
        return 0;
 Einval:
+       if (is_alloc_opts) {
+               kfree(opts);
+               *mnt_opts = NULL;
+       }
        pr_warn(SEL_MOUNT_FAIL_MSG);
        return -EINVAL;
 }