[PATCH] SELinux: Leak in error path

There's a leak here in the first error path.

Found by the Coverity tool.

Signed-off-by: Alexander Nyberg <alexn@dsv.su.se>
Acked-by: James Morris <jmorris@redhat.com>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/security/selinux/ss/conditional.c b/security/selinux/ss/conditional.c
index 90f5fbd5fad5229f8d0d5e1f1b25ba41369e48b2..372e6a729b61b5f073e96e1f7d388376f7c0a9c2 100644 (file)
--- a/security/selinux/ss/conditional.c
+++ b/security/selinux/ss/conditional.c
@@ -401,8 +401,10 @@ static int cond_read_node(struct policydb *p, struct cond_node *node, void *fp)
                expr->expr_type = le32_to_cpu(buf[0]);
                expr->bool = le32_to_cpu(buf[1]);
 
-               if (!expr_isvalid(p, expr))
+               if (!expr_isvalid(p, expr)) {
+                       kfree(expr);
                        goto err;
+               }
 
                if (i == 0) {
                        node->expr = expr;