[PATCH] selinux: fix bug in security_compute_sid

Initializes newcontext sooner to allow for its destruction in all cases.

Signed-off-by: Venkat Yekkirala <vyekkirala@TrustedCS.com>
Signed-off-by: Stephen Smalley <sds@tycho.nsa.gov>
Acked-by: James Morris <jmorris@namei.org>
Signed-off-by: Andrew Morton <akpm@osdl.org>
Signed-off-by: Linus Torvalds <torvalds@osdl.org>

diff --git a/security/selinux/ss/services.c b/security/selinux/ss/services.c
index d2e80e6..85e4298 100644 (file)
--- a/security/selinux/ss/services.c
+++ b/security/selinux/ss/services.c
@@ -833,6 +833,8 @@ static int security_compute_sid(u32 ssid,
                goto out;
        }
 
+       context_init(&newcontext);
+
        POLICY_RDLOCK;
 
        scontext = sidtab_search(&sidtab, ssid);
@@ -850,8 +852,6 @@ static int security_compute_sid(u32 ssid,
                goto out_unlock;
        }
 
-       context_init(&newcontext);
-
        /* Set the user identity. */
        switch (specified) {
        case AVTAB_TRANSITION: