From: Dan Carpenter Date: Sat, 13 Mar 2010 11:14:22 +0000 (+0300) Subject: tomoyo: fix potential use after free X-Git-Url: https://git.stricted.de/?a=commitdiff_plain;h=181427a7e01beab76c789414334375839f026128;p=GitHub%2Fmt8127%2Fandroid_kernel_alcatel_ttab.git tomoyo: fix potential use after free The original code returns a freed pointer. This function is expected to return NULL on errors. Signed-off-by: Dan Carpenter Acked-by: Tetsuo Handa Signed-off-by: James Morris --- diff --git a/security/tomoyo/common.c b/security/tomoyo/common.c index ff51f1026b57..ef89947a774b 100644 --- a/security/tomoyo/common.c +++ b/security/tomoyo/common.c @@ -886,6 +886,7 @@ static struct tomoyo_profile *tomoyo_find_or_assign_new_profile(const unsigned ptr = kmalloc(sizeof(*ptr), GFP_KERNEL); if (!tomoyo_memory_ok(ptr)) { kfree(ptr); + ptr = NULL; goto ok; } for (i = 0; i < TOMOYO_MAX_CONTROL_INDEX; i++)