On Tue, 2006-02-28 at 10:01 -0500, Stephen Smalley wrote:
> On Tue, 2006-02-28 at 15:20 +0100, Stephan Mueller wrote:
> > [...]
> >
> > error_path:
> > kfree(ctx);
> > audit_panic("error in audit_ipc_context");
> >
> > You free ctx although it has not been allocated - I do not like that ;-)
> Common convention is to initialize ctx to NULL upon declaration, and
> then such kfree() calls are safe on the error path.
[tangent]
The other problem with this function is that it uses the variable name
"ctx" to describe a security label where "ctx" is used everywhere else
in the code to describe an audit context. Also, while I'm on a tangent,
I thought we reached some sort of agreement a while back to rename the
audit_panic function to something like audit_failure()...
[/tangent]
-tim
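
The convention described in the quoted reply, shown as an added user-space example that is not part of the original thread or the kernel source: free(NULL), like kfree(NULL), does nothing, so a single error label can serve failures that happen both before and after the allocation. The function `copy_label`, its checks and the sample label are hypothetical.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: copies a label, with every failure leaving
 * through one shared error_path, as in the snippet under discussion. */
static int copy_label(const char *src, size_t max_len, char **out)
{
    char *ctx = NULL;   /* NULL from declaration: error_path may free it blindly */
    size_t len;
    int rc;

    *out = NULL;
    if (src == NULL) {                  /* fails before any allocation */
        rc = -EINVAL;
        goto error_path;
    }
    len = strlen(src);
    if (len > max_len) {                /* still nothing allocated */
        rc = -ENAMETOOLONG;
        goto error_path;
    }
    ctx = malloc(len + 1);
    if (ctx == NULL) {
        rc = -ENOMEM;
        goto error_path;
    }
    memcpy(ctx, src, len + 1);
    if (strchr(ctx, '\n') != NULL) {    /* fails after allocation: must free */
        rc = -EINVAL;
        goto error_path;
    }
    *out = ctx;                         /* success: ownership passes to caller */
    return 0;

error_path:
    free(ctx);  /* no-op while ctx is NULL, releases the buffer otherwise */
    return rc;
}

int main(void)
{
    char *label = NULL;
    int rc = copy_label("system_u:object_r:etc_t", 64, &label); /* constructed sample */
    free(label);
    return rc == 0 ? 0 : 1;
}
```

Without the `= NULL` initializer, the two early exits would pass an indeterminate pointer to free(), which is the case the original objection is about.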