In case the init function for a selabel backend fails, free the possible already allocated data: Direct leak of 16 byte(s) in 1 object(s) allocated from: #0 0x5e7e2bf001e3 in malloc (/tmp/destdir/usr/sbin/selabel_digest+0xc71e3) #1 0x7233764baa65 in selabel_media_init /home/christian/Coding/workspaces/selinux/libselinux/src/label_media.c:226:30 #2 0x7233764ac1fe in selabel_open /home/christian/Coding/workspaces/selinux/libselinux/src/label.c:227:6 #3 0x5e7e2bf3ebfc in main /home/christian/Coding/workspaces/selinux/libselinux/utils/selabel_digest.c:125:8 #4 0x7233761856c9 in __libc_start_call_main csu/../sysdeps/nptl/libc_start_call_main.h:58:16 SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s). Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> --- libselinux/src/label.c | 5 +---- libselinux/src/label_backends_android.c | 3 +++ libselinux/src/label_db.c | 3 +++ libselinux/src/label_file.c | 3 +++ libselinux/src/label_media.c | 3 +++ libselinux/src/label_x.c | 3 +++ 6 files changed, 16 insertions(+), 4 deletions(-) diff --git a/libselinux/src/label.c b/libselinux/src/label.c index d2e703ef..06d743ec 100644 --- a/libselinux/src/label.c +++ b/libselinux/src/label.c @@ -225,10 +225,7 @@ struct selabel_handle *selabel_open(unsigned int backend, rec->digest = selabel_is_digest_set(opts, nopts); if ((*initfuncs[backend])(rec, opts, nopts)) { - if (rec->digest) - selabel_digest_fini(rec->digest); - free(rec->spec_file); - free(rec); + selabel_close(rec); rec = NULL; } diff --git a/libselinux/src/label_backends_android.c b/libselinux/src/label_backends_android.c index 33a17236..49a87686 100644 --- a/libselinux/src/label_backends_android.c +++ b/libselinux/src/label_backends_android.c @@ -246,6 +246,9 @@ static void closef(struct selabel_handle *rec) struct spec *spec; unsigned int i; + if (!data) + return; + for (i = 0; i < data->nspec; i++) { spec = &data->spec_arr[i]; free(spec->property_key); diff --git a/libselinux/src/label_db.c b/libselinux/src/label_db.c index 2ff10b2f..40d5fc4a 100644 --- a/libselinux/src/label_db.c +++ b/libselinux/src/label_db.c @@ -178,6 +178,9 @@ db_close(struct selabel_handle *rec) spec_t *spec; unsigned int i; + if (!catalog) + return; + for (i = 0; i < catalog->nspec; i++) { spec = &catalog->specs[i]; free(spec->key); diff --git a/libselinux/src/label_file.c b/libselinux/src/label_file.c index 3b2bda97..2732972e 100644 --- a/libselinux/src/label_file.c +++ b/libselinux/src/label_file.c @@ -904,6 +904,9 @@ static void closef(struct selabel_handle *rec) struct stem *stem; unsigned int i; + if (!data) + return; + selabel_subs_fini(data->subs); selabel_subs_fini(data->dist_subs); diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c index fad5ea6d..94a58062 100644 --- a/libselinux/src/label_media.c +++ b/libselinux/src/label_media.c @@ -167,6 +167,9 @@ static void close(struct selabel_handle *rec) struct spec *spec, *spec_arr = data->spec_arr; unsigned int i; + if (!data) + return; + for (i = 0; i < data->nspec; i++) { spec = &spec_arr[i]; free(spec->key); diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c index bf569ca5..f994eefa 100644 --- a/libselinux/src/label_x.c +++ b/libselinux/src/label_x.c @@ -194,6 +194,9 @@ static void close(struct selabel_handle *rec) struct spec *spec, *spec_arr = data->spec_arr; unsigned int i; + if (!data) + return; + for (i = 0; i < data->nspec; i++) { spec = &spec_arr[i]; free(spec->key); -- 2.43.0