[redhat-lspp] lspp 18 kernel released
Stephen Smalley
sds at tycho.nsa.gov
Fri Apr 21 16:40:07 UTC 2006
On Thu, 2006-04-20 at 21:38 -0500, Serge E. Hallyn wrote:
> Well I doubt you ran out of memory so quickly, but the first problem I
> see is that while audit_krule_to_data can return -ENOMEM,
> audit_list and audit_list_rules only check for a NULL return.
>
> Another problem is
> security/selinux/ss/services.c:security_sid_to_context doing strcpy into
> a kmalloc'd buffer without checking kmalloc return value. GFP_MALLOC no
> less.
Hmm...good catch, although that only happens in the !ss_initialized
(i.e. no policy loaded yet) code path. Looks like it went from
GFP_KERNEL to GFP_ATOMIC in 2.6.6, but the failure to check the returned
pointer seems to have been there from the beginning.
--
Stephen Smalley
National Security Agency
More information about the redhat-lspp
mailing list