From: Himanshu Shukla <himanshu.sh@samsung.com>
Date: Thu, 10 Nov 2016 10:47:02 +0000 (+0530)
Subject: BACKPORT: SMACK: Fix the memory leak in smack_cred_prepare() hook
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=7d2f587340b2304547d3f18f141315cbfb025a02;p=platform%2Fkernel%2Flinux-stable.git

BACKPORT: SMACK: Fix the memory leak in smack_cred_prepare() hook

Memory leak in smack_cred_prepare()function.
smack_cred_prepare() hook returns error if there is error in allocating
memory in smk_copy_rules() or smk_copy_relabel() function.
If smack_cred_prepare() function returns error then the calling
function should call smack_cred_free() function for cleanup.
In smack_cred_free() function first credential is  extracted and
then all rules are deleted. In smack_cred_prepare() function security
field is assigned in the end when all function return success. But this
function may return before and memory will not be freed.

Signed-off-by: Himanshu Shukla <himanshu.sh@samsung.com>
Acked-by: Casey Schaufler <casey@schaufler-ca.com>
(cherry-picked from upstream b437aba85b5c4689543409d8407c016749231aae)
---

diff --git a/security/smack/smack_lsm.c b/security/smack/smack_lsm.c
index 75ededdcd600..cc0eb65f3bfc 100644
--- a/security/smack/smack_lsm.c
+++ b/security/smack/smack_lsm.c
@@ -1999,6 +1999,8 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old,
 	if (new_tsp == NULL)
 		return -ENOMEM;
 
+	new->security = new_tsp;
+
 	rc = smk_copy_rules(&new_tsp->smk_rules, &old_tsp->smk_rules, gfp);
 	if (rc != 0)
 		return rc;
@@ -2008,7 +2010,6 @@ static int smack_cred_prepare(struct cred *new, const struct cred *old,
 	if (rc != 0)
 		return rc;
 
-	new->security = new_tsp;
 	return 0;
 }