Re: [Xen-devel][Xense-devel][PATCH][2/4] Xen Securtiy Modules: F

And to drill down into module based on core evtchn stuff...

> +static int flask_alloc_security_evtchn(struct evtchn *chn)
> +{
> +    int i;
> +    struct evtchn_security_struct *esec;
> +
> +    for ( i = 0; i < EVTCHNS_PER_BUCKET; i++ ) {
> +        esec = xmalloc(struct evtchn_security_struct);
> +    

As I mentioned in 1/4 review, this should be done at higher level.

> +        if (!esec)
> +            return -ENOMEM;

In fact, this is a leak because there's no unwind, and bucket
is freed if this error is encountered.

> +        
> +        memset(esec, 0, sizeof(struct evtchn_security_struct));
> +    
> +        esec->chn = &chn[i];
> +        esec->sid = SECINITSID_UNLABELED;
> +
> +        (&chn[i])->ssid = esec;
> +    }
> +    
> +    return 0;    
> +}
> +
> +static void flask_free_security_evtchn(struct evtchn *chn)
> +{
> +    int i;
> +    struct evtchn_security_struct *esec;
> +
> +    if (!chn)
> +        return;
> +            
> +    for ( i = 0; i < EVTCHNS_PER_BUCKET; i++ ) {
> +        esec = (&chn[i])->ssid;

This is not a bucket, because this _is_ done at a higher level.  Thus,
writing on and freeing random memory.

> +    
> +        if (!esec)
> +            continue;
> +        
> +        (&chn[i])->ssid = NULL;
> +        xfree(esec);
> +    }
> +
> +}

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:

Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM, Chris Wright

Next by Date:

Re: [Xen-devel][Xense-devel][PATCH][1/4] Xen Security Modules: XSM, George S. Coker, II

Previous by Thread:

[Xen-devel][Xense-devel][PATCH][2/4] Xen Securtiy Modules: FLASK, George S. Coker, II

Next by Thread:

Re: [Xen-devel][Xense-devel][PATCH][2/4] Xen Securtiy Modules: FLASK, Mark Williamson

Indexes:

[Date] [Thread] [Top] [All Lists]