On Tue, Nov 22, 2022 at 3:05 AM Jie Lu <lujie54@xxxxxxxxxx> wrote:
>
> 1. check the return of strdup to avoid a potential NULL reference.
> 2. make sure line_buf is freed.
>
> Signed-off-by: Jie Lu <lujie54@xxxxxxxxxx>
Acked-by: James Carter <jwcart2@xxxxxxxxx>
> ---
> libselinux/src/label_db.c | 8 +++++++-
> 1 file changed, 7 insertions(+), 1 deletion(-)
>
> diff --git a/libselinux/src/label_db.c b/libselinux/src/label_db.c
> index 94c05c6d..bd73201c 100644
> --- a/libselinux/src/label_db.c
> +++ b/libselinux/src/label_db.c
> @@ -293,6 +293,11 @@ db_init(const struct selinux_opt *opts, unsigned nopts,
> return NULL;
> }
> rec->spec_file = strdup(path);
> + if (!rec->spec_file) {
> + free(catalog);
> + fclose(filp);
> + return NULL;
> + }
>
> /*
> * Parse for each lines
> @@ -322,18 +327,19 @@ db_init(const struct selinux_opt *opts, unsigned nopts,
> if (process_line(path, line_buf, ++line_num, catalog) < 0)
> goto out_error;
> }
> - free(line_buf);
>
> if (digest_add_specfile(rec->digest, filp, NULL, sb.st_size, path) < 0)
> goto out_error;
>
> digest_gen_hash(rec->digest);
>
> + free(line_buf);
> fclose(filp);
>
> return catalog;
>
> out_error:
> + free(line_buf);
> for (i = 0; i < catalog->nspec; i++) {
> spec_t *spec = &catalog->specs[i];
>
> --
> 2.27.0
>
