From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> Free the two identifiers on an invalid typebounds in the error branch, similar to the success branch. Reported-by: oss-fuzz (issue 67700) Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx> --- checkpolicy/policy_define.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c index 0cf938ea..92d1e5f2 100644 --- a/checkpolicy/policy_define.c +++ b/checkpolicy/policy_define.c @@ -1477,8 +1477,12 @@ int define_typebounds(void) } while ((id = queue_remove(id_queue))) { - if (define_typebounds_helper(bounds, id)) + if (define_typebounds_helper(bounds, id)) { + free(bounds); + free(id); return -1; + } + free(id); } free(bounds); -- 2.43.0
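Review bot: In the new error branch inside the `while ((id = queue_remove(id_queue)))` loop of define_typebounds(), the function returns -1 after freeing only `bounds` and the current `id`, so any identifiers still queued in `id_queue` at that point are not released by this function. Nothing in the visible lines shows whether the caller empties the queue after a failure. If it does not, drain the rest before returning, for example with `while ((id = queue_remove(id_queue))) free(id);`, or state in the commit message where that cleanup happens. A smaller point on the same hunk: the diffstat counts 5 insertions and the loop's trailing `free(id);` is shown as an added line, which suggests the success path is also being fixed here, while the message describes only the error branch as changed. If so, it would help to say that as well.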