On Wed, Dec 30, 2020 at 4:10 AM Nicolas Iooss <nicolas.iooss@xxxxxxx> wrote: > > When __cil_resolve_perms fails, it does not destroy perm_datums, which > leads to a memory leak reported by OSS-Fuzz with the following CIL > policy: > > (class cl01()) > (classorder(cl01)) > (type at02) > (type tpr3) > (allow at02 tpr3(cl01((s)))) > > Calling cil_list_destroy() fixes the issue. > > Fixes: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28466 > Signed-off-by: Nicolas Iooss <nicolas.iooss@xxxxxxx> > --- > libsepol/cil/src/cil_resolve_ast.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/libsepol/cil/src/cil_resolve_ast.c b/libsepol/cil/src/cil_resolve_ast.c > index ecd05dfa5dab..255f17ae7e30 100644 > --- a/libsepol/cil/src/cil_resolve_ast.c > +++ b/libsepol/cil/src/cil_resolve_ast.c > @@ -146,6 +146,7 @@ static int __cil_resolve_perms(symtab_t *class_symtab, symtab_t *common_symtab, > return SEPOL_OK; > > exit: > + cil_list_destroy(perm_datums, CIL_FALSE); > return rc; > } > > -- > 2.29.2 > ack on all but patch #4, comments sent for that patch.
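Review bot: The cil_list_destroy(perm_datums, CIL_FALSE) call added under the exit: label of __cil_resolve_perms now runs on every failure path, so two things should be confirmed before merging. First, no goto exit may be reachable before perm_datums has been initialised. Second, no caller may free the same list again after a non-SEPOL_OK return, since that would turn the leak into a double free. The commit message does not explain the CIL_FALSE argument either. If the intent is that the list entries are owned elsewhere (for example by the class and common symtabs passed in) and only the list itself should be freed, a one-line comment above the call or a sentence in the commit message saying so would make the ownership rule explicit.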