selinux: fix a possible memory leak in cond_read_node()

The cond_read_node() should free the given node on error path as it's
not linked to p->cond_list yet.  This is done via cond_node_destroy()
but it's not called when next_entry() fails before the expr loop.

Signed-off-by: Namhyung Kim <[email protected]>
Signed-off-by: Paul Moore <[email protected]>

diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index f09cc7268b65bd9655445d30edb63b3e65906de2..62c6773be0b75f69f4f9c6b579d0205aa602ed5c 100644 (file)
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -404,7 +404,7 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
 
        rc = next_entry(buf, fp, sizeof(u32) * 2);
        if (rc)
-               return rc;
+               goto err;
 
        node->cur_state = le32_to_cpu(buf[0]);