On Fri, 3 Aug 2001, Greg KH wrote: > This is a bit different from all of the other free_security() calls. > Should that just be always a call? And it's up to the security module > to guard if it bprm->security is NULL or not, like the other cases. The reason that I "guard" this call to bprm_ops->free_security (which I also did with the sb_ops->free_security call in fs/super.c:read_super) is to skip the call in the case where the alloc_security routine itself failed (it does a 'goto out;' just like the subsequent code on error). Otherwise, I would need to rearrange the code after the out label and insert a new goto label that would skip the free_security call but do the rest of the cleanup processing. Also, notice that there is a precedent for this kind of guard - the existing code does a 'if (bprm.file) fput(bprm.file);' in the same code path. -- Stephen D. Smalley, NAI Labs ssmalleyat_private _______________________________________________ linux-security-module mailing list linux-security-moduleat_private http://mail.wirex.com/mailman/listinfo/linux-security-module
This archive was generated by hypermail 2b30 : Mon Aug 06 2001 - 06:15:45 PDT