selinux: fix potential memleak in selinux_add_opt()

This patch try to fix potential memleak in error branch. Fixes: ba6418623385 ("selinux: new helper - selinux_add_opt()") Signed-off-by: Bernard Zhao <bernard@vivo.com> [PM: tweak the subject line, add Fixes tag] Signed-off-by: Paul Moore <paul@paul-moore.com>
author: Bernard Zhao <bernard@vivo.com> 2021-12-10 04:03:58 -0800
committer: Paul Moore <paul@paul-moore.com> 2021-12-21 14:47:35 -0500
commit: 2e08df3c7c4e4e74e3dd5104c100f0bf6288aaa8 (patch)
tree: 55a55e05c90aa4833283069fa012fcd6cc136232 /security
parent: 52f982f00b220d097a71a23c149a1d18efc08e63 (diff)
1 files changed, 10 insertions, 2 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index 818ce976ff6c..8ef63b7af855 100644
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -970,18 +970,22 @@ out:
 static int selinux_add_opt(int token, const char *s, void **mnt_opts)
 {
 	struct selinux_mnt_opts *opts = *mnt_opts;
+	bool is_alloc_opts = false;
 
 	if (token == Opt_seclabel)	/* eaten and completely ignored */
 		return 0;
 
+	if (!s)
+		return -ENOMEM;
+
 	if (!opts) {
 		opts = kzalloc(sizeof(struct selinux_mnt_opts), GFP_KERNEL);
 		if (!opts)
 			return -ENOMEM;
 		*mnt_opts = opts;
+		is_alloc_opts = true;
 	}
-	if (!s)
-		return -ENOMEM;
+
 	switch (token) {
 	case Opt_context:
 		if (opts->context || opts->defcontext)
@@ -1006,6 +1010,10 @@ static int selinux_add_opt(int token, const char *s, void **mnt_opts)
 	}
 	return 0;
 Einval:
+	if (is_alloc_opts) {
+		kfree(opts);
+		*mnt_opts = NULL;
+	}
 	pr_warn(SEL_MOUNT_FAIL_MSG);
 	return -EINVAL;
 }
author	Bernard Zhao <bernard@vivo.com>	2021-12-10 04:03:58 -0800
committer	Paul Moore <paul@paul-moore.com>	2021-12-21 14:47:35 -0500
commit	2e08df3c7c4e4e74e3dd5104c100f0bf6288aaa8 (patch)
tree	55a55e05c90aa4833283069fa012fcd6cc136232 /security
parent	52f982f00b220d097a71a23c149a1d18efc08e63 (diff)