Re: [PATCH] kernel: auditfilter: looping issue, memory leak if has2 or more AUDIT_FILTERKEYs

[Chen Gang]

On 2013å04æ11æ 05:19, Eric Paris wrote:
> ----- Original Message -----
> 
>> >   b. has an new issue for AUDIT_DIR:
>> >        after AUDIT_DIR succeed, it will set rule->tree.
>> >        next, the other case fail, then will call audit_free_rule.
>> >        but audit_free_rule will not free rule->tree.
> Definitely a couple of leaks here...
> 
> I'm seeing leaks on size 8, 64, and 128.
> 
> Al, what do you think?  Should I be calling audit_put_tree() in the error case if entry->tree != NULL?  The audit trees are some of the most complex code in the kernel I think.
> 
> 

  can we add it in audit_free_rule ?

  maybe like this:

@@ -75,6 +75,8 @@ static inline void audit_free_rule(struct audit_entry *e)
 	/* some rules don't have associated watches */
 	if (erule->watch)
 		audit_put_watch(erule->watch);
+	if (erule->tree)
+		audit_put_tree(erule->tree);
 	if (erule->fields)
 		for (i = 0; i < erule->field_count; i++) {
 			struct audit_field *f = &erule->fields[i];


  thanks.

  :-)

-- 
Chen Gang

Asianux Corporation
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/