diff options
Diffstat (limited to 'security')
| -rw-r--r-- | security/keys/keyctl.c | 1 | ||||
| -rw-r--r-- | security/selinux/netlabel.c | 9 | ||||
| -rw-r--r-- | security/smack/smackfs.c | 2 |
3 files changed, 8 insertions, 4 deletions
diff --git a/security/keys/keyctl.c b/security/keys/keyctl.c index e9335e1c6cf..b1ec3b4ee17 100644 --- a/security/keys/keyctl.c +++ b/security/keys/keyctl.c @@ -270,6 +270,7 @@ long keyctl_join_session_keyring(const char __user *_name) /* join the session */ ret = join_session_keyring(name); + kfree(name); error: return ret; diff --git a/security/selinux/netlabel.c b/security/selinux/netlabel.c index f58701a7b72..350794ab9b4 100644 --- a/security/selinux/netlabel.c +++ b/security/selinux/netlabel.c @@ -386,11 +386,12 @@ int selinux_netlbl_inode_permission(struct inode *inode, int mask) if (!S_ISSOCK(inode->i_mode) || ((mask & (MAY_WRITE | MAY_APPEND)) == 0)) return 0; - sock = SOCKET_I(inode); sk = sock->sk; + if (sk == NULL) + return 0; sksec = sk->sk_security; - if (sksec->nlbl_state != NLBL_REQUIRE) + if (sksec == NULL || sksec->nlbl_state != NLBL_REQUIRE) return 0; local_bh_disable(); @@ -490,8 +491,10 @@ int selinux_netlbl_socket_setsockopt(struct socket *sock, lock_sock(sk); rc = netlbl_sock_getattr(sk, &secattr); release_sock(sk); - if (rc == 0 && secattr.flags != NETLBL_SECATTR_NONE) + if (rc == 0) rc = -EACCES; + else if (rc == -ENOMSG) + rc = 0; netlbl_secattr_destroy(&secattr); } diff --git a/security/smack/smackfs.c b/security/smack/smackfs.c index 71e2b914363..8e42800878f 100644 --- a/security/smack/smackfs.c +++ b/security/smack/smackfs.c @@ -334,7 +334,7 @@ static ssize_t smk_write_load(struct file *file, const char __user *buf, break; case 'a': case 'A': - rule.smk_access |= MAY_READ; + rule.smk_access |= MAY_APPEND; break; default: goto out; |