|
|
|
|
|
|
|
|
|
|
xense-devel
Re: [Xen-devel][Xense-devel][PATCH][2/4] Xen Securtiy Modules: FLASK
And to drill down into module based on core evtchn stuff...
> +static int flask_alloc_security_evtchn(struct evtchn *chn)
> +{
> + int i;
> + struct evtchn_security_struct *esec;
> +
> + for ( i = 0; i < EVTCHNS_PER_BUCKET; i++ ) {
> + esec = xmalloc(struct evtchn_security_struct);
> +
As I mentioned in 1/4 review, this should be done at higher level.
> + if (!esec)
> + return -ENOMEM;
In fact, this is a leak because there's no unwind, and bucket
is freed if this error is encountered.
> +
> + memset(esec, 0, sizeof(struct evtchn_security_struct));
> +
> + esec->chn = &chn[i];
> + esec->sid = SECINITSID_UNLABELED;
> +
> + (&chn[i])->ssid = esec;
> + }
> +
> + return 0;
> +}
> +
> +static void flask_free_security_evtchn(struct evtchn *chn)
> +{
> + int i;
> + struct evtchn_security_struct *esec;
> +
> + if (!chn)
> + return;
> +
> + for ( i = 0; i < EVTCHNS_PER_BUCKET; i++ ) {
> + esec = (&chn[i])->ssid;
This is not a bucket, because this _is_ done at a higher level. Thus,
writing on and freeing random memory.
> +
> + if (!esec)
> + continue;
> +
> + (&chn[i])->ssid = NULL;
> + xfree(esec);
> + }
> +
> +}
_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
|
|
|
|
|