Re: [PATCH 1/1] selinux: fix double free

[Tom Rix]

>> +++ b/security/selinux/ss/services.c
>> @@ -2888,8 +2888,12 @@ int security_get_bools(struct selinux_state *state,
>>         if (*names) {
>>                 for (i = 0; i < *len; i++)
>>                         kfree((*names)[i]);
>> +               kfree(names);
> kfree(*names)?

Yes.

> kfree(*values);
>> +       *len = 0;
>> +       *names = NULL;
>> +       *values = NULL;
>>         goto out;
>>  }
> Wondering if the caller handling ought to be changed too even though
> this should avoid the problem.
>
The poisoning of the returns avoids this.