apparmor: fix memory leak when deduping profile load

AppArmor is leaking the newly loaded profile and its proxy when the profile is an exact match to the currently loaded version. In this case the dedup check results in the profile being skipped and put without dealing with the proxy ref thus not breaking a circular refcount and causing a leak. BugLink: http://bugs.launchpad.net/bugs/1750594 Fixes: 5d5182c ("apparmor: move to per loaddata files, instead of replicating in profiles") Signed-off-by: John Johansen <john.johansen@canonical.com>
DX37 · Jun 7, 2018 · 3ddae98 · 3ddae98
1 parent 11c92f1
commit 3ddae98
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/security/apparmor/policy.c b/security/apparmor/policy.c
@@ -1008,6 +1008,9 @@ ssize_t aa_replace_profiles(struct aa_ns *policy_ns, struct aa_label *label,
 			audit_policy(label, op, ns_name, ent->new->base.hname,
 				     "same as current profile, skipping",
 				     error);
+			/* break refcount cycle with proxy. */
+			aa_put_proxy(ent->new->label.proxy);
+			ent->new->label.proxy = NULL;
 			goto skip;
 		}