Re: [PATCH RESEND] libsemanage: fix memory leak in semanage_user_roles

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Apr 20, 2023 at 11:25 AM Christian Göttsche
<cgzones@xxxxxxxxxxxxxx> wrote:
>
> The output parameter `role_arr` of semanage_user_get_roles() is an array
> of non-owned role names.  Since the array is never used again, as its
> contents have been copied into the return value `roles`, free it.
>
> Example leak report from useradd(8):
>
>     Direct leak of 8 byte(s) in 1 object(s) allocated from:
>     #0 0x5597624284a8 in __interceptor_calloc (./shadow/src/useradd+0xee4a8)
>     #1 0x7f53aefcbbf9 in sepol_user_get_roles src/user_record.c:270:21
>
> Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>

Acked-by: James Carter <jwcart2@xxxxxxxxx>

> ---
> same as v1, only signed-of
> ---
>  libsemanage/src/seusers_local.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/libsemanage/src/seusers_local.c b/libsemanage/src/seusers_local.c
> index 6508ec05..795a33d6 100644
> --- a/libsemanage/src/seusers_local.c
> +++ b/libsemanage/src/seusers_local.c
> @@ -47,6 +47,7 @@ static char *semanage_user_roles(semanage_handle_t * handle, const char *sename)
>                                                 }
>                                         }
>                                 }
> +                               free(roles_arr);
>                         }
>                         semanage_user_free(user);
>                 }
> --
> 2.40.0
>




[Index of Archives]     [Selinux Refpolicy]     [Linux SGX]     [Fedora Users]     [Fedora Desktop]     [Yosemite Photos]     [Yosemite Camping]     [Yosemite Campsites]     [KDE Users]     [Gnome Users]

  Powered by Linux