SELinux Mailing List - NSA/CSS

Skip All Menus Skip Top Menu

Top Navigation Menus

Skip Research Menus

Research Menu

Research Security Enhanced Linux What's New Frequently Asked Questions Background Documents License Download Participating Mail List Archives Remaining Work Contributors Related Work Press Releases Information Assurance Research NIARL In-house Research Areas Mathematical Sciences Program Sabbaticals Computer & Information Sciences Research Technology Transfer Advanced Computing Advanced Mathematics Communications & Networking Information Processing Microelectronics Other Technologies Technology Fact Sheets Publications Related Links	Skip Search Box Searchbox SELinux Mailing List Re: [PATCH 1/4] selinux: add support for querying object classes and permissions from the running policy This message: [ Message body ] [ More options ] Related messages: [ Next message ] [ Previous message ] [ In reply to ] [ Next in thread ] [ Replies ] From: James Antill <jantill_at_redhat.com> Date: Wed, 23 May 2007 11:42:07 -0400 On Wed, 2007-05-23 at 09:12 -0400, Christopher J. PeBenito wrote: > > +static int get_permissions_callback(void k, void d, void args)* > +{ > + struct perm_datum datum = d;* > + char name = k, *perms = args; > + int value = datum->value - 1; > + > + perms[value] = kstrdup(name, GFP_ATOMIC); > + if (!perms[value]) > + return -ENOMEM; > + > + return 0; > +} > + > +int security_get_permissions(char class, char **perms, int nperms)* > +{ [...] > + nperms = match->permissions.nprim;* > + perms = kcalloc(nperms, sizeof(perms), GFP_ATOMIC);* > + if (!perms)* > + goto out; > + > + if (match->comdatum) { > + rc = hashtab_map(match->comdatum->permissions.table, > + get_permissions_callback, perms);* > + if (rc < 0) > + goto err; > + } > + > + rc = hashtab_map(match->permissions.table, get_permissions_callback, > + perms);* So I'm probably just wasting your time out of ignorance here, but this looks really suspicious to me. Why don't you need to add in match->comdatum->permissions.nprim for the allocation? Also how is it guaranteed that one "datum->value - 1" won't be the same in both hashtabs? (if it isn't you've leaked memory). -- James Antill <jantill@redhat.com> -- This message was distributed to subscribers of the selinux mailing list. If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes as the message. application/pgp-signature attachment: This is a digitally signed message part Received on Wed 23 May 2007 - 11:42:13 EDT This message: [ Message body ] Next message: Christopher J. PeBenito: "Re: [PATCH 1/4] selinux: add support for querying object classes and permissions from the running policy" Previous message: Karl MacMillan: "Re: Fedora Core 7 has frozen and Fedora 8 Development has started" In reply to: Christopher J. PeBenito: "[PATCH 1/4] selinux: add support for querying object classes and permissions from the running policy" Next in thread: Christopher J. PeBenito: "Re: [PATCH 1/4] selinux: add support for querying object classes and permissions from the running policy" Reply: Christopher J. PeBenito: "Re: [PATCH 1/4] selinux: add support for querying object classes and permissions from the running policy" Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ]
	Date Posted: Jan 15, 2009 \| Last Modified: Jan 15, 2009 \| Last Reviewed: Jan 15, 2009

bottom