Re: [PATCH] libsemanage: fix memory leak in semanage_user_roles

[James Carter <jwcart2@xxxxxxxxx>]

On Sat, Apr 1, 2023 at 8:50 AM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> The output parameter `role_arr` of semanage_user_get_roles() is an array
> of non-owned role names.  Since the array is never used again, as its
> contents have been copied into the return value `roles`, free it.
>
> Example leak report from useradd(8):
>
>     Direct leak of 8 byte(s) in 1 object(s) allocated from:
>     #0 0x5597624284a8 in __interceptor_calloc (./shadow/src/useradd+0xee4a8)
>     #1 0x7f53aefcbbf9 in sepol_user_get_roles src/user_record.c:270:21

I was going to ack this, but I just noticed that it doesn't have a
signed-off line.
Jim

> ---
>  libsemanage/src/seusers_local.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/libsemanage/src/seusers_local.c b/libsemanage/src/seusers_local.c
> index 6508ec05..795a33d6 100644
> --- a/libsemanage/src/seusers_local.c
> +++ b/libsemanage/src/seusers_local.c
> @@ -47,6 +47,7 @@ static char *semanage_user_roles(semanage_handle_t * handle, const char *sename)
>                                                 }
>                                         }
>                                 }
> +                               free(roles_arr);
>                         }
>                         semanage_user_free(user);
>                 }
> --
> 2.40.0
>