aa_getprocattr() allocates the output string before rendering the label into it. If the second aa_label_snxprint() call fails, the function returned without freeing that allocation.
Free and clear the output pointer on the uncommon formatting failure path before dropping the namespace reference. Signed-off-by: Zygmunt Krynicki <[email protected]> --- security/apparmor/procattr.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/security/apparmor/procattr.c b/security/apparmor/procattr.c index ce40f15d4952d..c07b6e8fd9c93 100644 --- a/security/apparmor/procattr.c +++ b/security/apparmor/procattr.c @@ -54,6 +54,8 @@ int aa_getprocattr(struct aa_label *label, char **string, bool newline) FLAG_SHOW_MODE | FLAG_VIEW_SUBNS | FLAG_HIDDEN_UNCONFINED); if (len < 0) { + kfree(*string); + *string = NULL; aa_put_ns(current_ns); return len; } -- 2.53.0
