On 12/26/2016 04:18 PM, Nicolas Iooss wrote:
When parsing several genfscon statements for the same filesystem, the
content of local variable "fstype" is never freed. Moreover variable
"type" is never freed when define_genfs_context_helper() succeeds.
Fix these leaks by calling free() appropriately.
These leaks have been detected with gcc Address Sanitizer.
Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx>
Applied.
Thanks,
---
checkpolicy/policy_define.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index ff902787c2aa..780e325af65d 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -5288,6 +5288,9 @@ int define_genfs_context_helper(char *fstype, int has_type)
else
policydbp->genfs = newgenfs;
genfs = newgenfs;
+ } else {
+ free(fstype);
+ fstype = NULL;
}
newc = (ocontext_t *) malloc(sizeof(ocontext_t));
@@ -5345,7 +5348,7 @@ int define_genfs_context_helper(char *fstype, int has_type)
(!newc->v.sclass || !c->v.sclass
|| newc->v.sclass == c->v.sclass)) {
yyerror2("duplicate entry for genfs entry (%s, %s)",
- fstype, newc->u.name);
+ genfs->fstype, newc->u.name);
goto fail;
}
len = strlen(newc->u.name);
@@ -5359,6 +5362,7 @@ int define_genfs_context_helper(char *fstype, int has_type)
p->next = newc;
else
genfs->head = newc;
+ free(type);
return 0;
fail:
if (type)
--
James Carter <jwcart2@xxxxxxxxxxxxx>
National Security Agency
_______________________________________________
Selinux mailing list
Selinux@xxxxxxxxxxxxx
To unsubscribe, send email to Selinux-leave@xxxxxxxxxxxxx.
To get help, send an email containing "help" to Selinux-request@xxxxxxxxxxxxx.
