projects / firefly-linux-kernel-4.4.55.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
seccomp: fix memory leak on filter attach
[firefly-linux-kernel-4.4.55.git] / kernel / seccomp.c
diff --git a/kernel/seccomp.c b/kernel/seccomp.c
index b7a10048a32c11fb473515d9075ef2b0782a563a..260ff1fce63dbaf792e39ffe49235afc19fcf3a4 100644 (file)
--- a/kernel/seccomp.c
+++ b/kernel/seccomp.c
@@ -273,7 +273,23 @@ static long seccomp_attach_filter(struct sock_fprog *fprog)
        /* Check and rewrite the fprog for seccomp use */
        ret = seccomp_check_filter(filter->insns, filter->len);
        if (ret)
-               goto fail;
+               goto free_prog;
+
+       /* Allocate a new seccomp_filter */
+       ret = -ENOMEM;
+       filter = kzalloc(sizeof(struct seccomp_filter) +
+                        sizeof(struct sock_filter_int) * new_len,
+                        GFP_KERNEL|__GFP_NOWARN);
+       if (!filter)
+               goto free_prog;
+
+       ret = sk_convert_filter(fp, fprog->len, filter->insnsi, &new_len);
+       if (ret)
+               goto free_filter;
+       kfree(fp);
+
+       atomic_set(&filter->usage, 1);
+       filter->len = new_len;
 
        /*
         * If there is an existing filter, make it the prev and don't drop its
Unnamed repository; edit this file 'description' to name the repository.