From 5f8ac64b15172c7ced7d7990eb28342092bc751b Mon Sep 17 00:00:00 2001
From: Trent Jaeger <tjaeger@cse.psu.edu>
Date: Fri, 6 Jan 2006 13:22:39 -0800
Subject: [LSM-IPSec]: Corrections to LSM-IPSec Nethooks

This patch contains two corrections to the LSM-IPsec Nethooks patches
previously applied.

(1) free a security context on a failed insert via xfrm_user
interface in xfrm_add_policy.  Memory leak.

(2) change the authorization of the allocation of a security context
in a xfrm_policy or xfrm_state from both relabelfrom and relabelto
to setcontext.

Signed-off-by: Trent Jaeger <tjaeger@cse.psu.edu>
Signed-off-by: David S. Miller <davem@davemloft.net>
---
 net/xfrm/xfrm_user.c | 1 +
 1 file changed, 1 insertion(+)

(limited to 'net/xfrm')

diff --git a/net/xfrm/xfrm_user.c b/net/xfrm/xfrm_user.c
index 92e2b804c60..ac87a09ba83 100644
--- a/net/xfrm/xfrm_user.c
+++ b/net/xfrm/xfrm_user.c
@@ -802,6 +802,7 @@ static int xfrm_add_policy(struct sk_buff *skb, struct nlmsghdr *nlh, void **xfr
 	excl = nlh->nlmsg_type == XFRM_MSG_NEWPOLICY;
 	err = xfrm_policy_insert(p->dir, xp, excl);
 	if (err) {
+		security_xfrm_policy_free(xp);
 		kfree(xp);
 		return err;
 	}
-- 
cgit v1.2.3