On Thu, Apr 20, 2023 at 11:25 AM Christian Göttsche <cgzones@xxxxxxxxxxxxxx> wrote: > > The output parameter `role_arr` of semanage_user_get_roles() is an array > of non-owned role names. Since the array is never used again, as its > contents have been copied into the return value `roles`, free it. > > Example leak report from useradd(8): > > Direct leak of 8 byte(s) in 1 object(s) allocated from: > #0 0x5597624284a8 in __interceptor_calloc (./shadow/src/useradd+0xee4a8) > #1 0x7f53aefcbbf9 in sepol_user_get_roles src/user_record.c:270:21 > > Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> Acked-by: James Carter <jwcart2@xxxxxxxxx> > --- > same as v1, only signed-of > --- > libsemanage/src/seusers_local.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/libsemanage/src/seusers_local.c b/libsemanage/src/seusers_local.c > index 6508ec05..795a33d6 100644 > --- a/libsemanage/src/seusers_local.c > +++ b/libsemanage/src/seusers_local.c > @@ -47,6 +47,7 @@ static char *semanage_user_roles(semanage_handle_t * handle, const char *sename) > } > } > } > + free(roles_arr); > } > semanage_user_free(user); > } > -- > 2.40.0 >
