diff options
| author | Zilin Guan <zilin@seu.edu.cn> | 2025-04-18 04:52:50 +0000 |
|---|---|---|
| committer | John Johansen <john.johansen@canonical.com> | 2025-05-17 01:20:25 -0700 |
| commit | 2b270e2f43d7498ba00117c60d196435983d83d7 (patch) | |
| tree | af8a4fadd641df64124013cf8d9f3a8d47e847a9 /tools/perf/scripts/python/sctop.py | |
| parent | 3e45553acb14692519db853e4b5be35b45e46ad0 (diff) | |
security/apparmor: use kfree_sensitive() in unpack_secmark()
The unpack_secmark() function currently uses kfree() to release memory
allocated for secmark structures and their labels. However, if a failure
occurs after partially parsing secmark, sensitive data may remain in
memory, posing a security risk.
To mitigate this, replace kfree() with kfree_sensitive() for freeing
secmark structures and their labels, aligning with the approach used
in free_ruleset().
I am submitting this as an RFC to seek freedback on whether this change
is appropriate and aligns with the subsystem's expectations. If
confirmed to be helpful, I will send a formal patch.
Signed-off-by: Zilin Guan <zilin@seu.edu.cn>
Signed-off-by: John Johansen <john.johansen@canonical.com>
Diffstat (limited to 'tools/perf/scripts/python/sctop.py')
0 files changed, 0 insertions, 0 deletions