[PATCH 2/4] selinux: free memory in error branch

Christian Göttsche <cgoettsche@xxxxxxxxxxxxx> · Fri, 18 Oct 2024 17:12:58 +0200

From: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>

Free the allocated line if it fails to parse via process_line() for the
X or media database.

Also declare the line_buf parameter of process_line() const, so it is
more obvious it is not modified or free'd.

Reported-by: clang-analyzer
Signed-off-by: Christian Göttsche <cgzones@xxxxxxxxxxxxxx>
---
 libselinux/src/label_media.c | 6 +++---
 libselinux/src/label_x.c     | 6 +++---
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/libselinux/src/label_media.c b/libselinux/src/label_media.c
index bae065c1..d535ef86 100644
--- a/libselinux/src/label_media.c
+++ b/libselinux/src/label_media.c
@@ -30,12 +30,12 @@ struct saved_data {
 	spec_t *spec_arr;
 };
 
-static int process_line(const char *path, char *line_buf, int pass,
+static int process_line(const char *path, const char *line_buf, int pass,
 			unsigned lineno, struct selabel_handle *rec)
 {
 	struct saved_data *data = (struct saved_data *)rec->data;
 	int items;
-	char *buf_p;
+	const char *buf_p;
 	char *key, *context;
 
 	buf_p = line_buf;
@@ -145,7 +145,6 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 				goto finish;
 		}
 	}
-	free(line_buf);
 
 	status = digest_add_specfile(rec->digest, fp, NULL, sb.st_size, path);
 	if (status)
@@ -154,6 +153,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 	digest_gen_hash(rec->digest);
 
 finish:
+	free(line_buf);
 	fclose(fp);
 	return status;
 }
diff --git a/libselinux/src/label_x.c b/libselinux/src/label_x.c
index ddae4f6c..c0d1d475 100644
--- a/libselinux/src/label_x.c
+++ b/libselinux/src/label_x.c
@@ -32,12 +32,12 @@ struct saved_data {
 	spec_t *spec_arr;
 };
 
-static int process_line(const char *path, char *line_buf, int pass,
+static int process_line(const char *path, const char *line_buf, int pass,
 			unsigned lineno, struct selabel_handle *rec)
 {
 	struct saved_data *data = (struct saved_data *)rec->data;
 	int items;
-	char *buf_p;
+	const char *buf_p;
 	char *type, *key, *context;
 
 	buf_p = line_buf;
@@ -172,7 +172,6 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 				goto finish;
 		}
 	}
-	free(line_buf);
 
 	status = digest_add_specfile(rec->digest, fp, NULL, sb.st_size, path);
 	if (status)
@@ -181,6 +180,7 @@ static int init(struct selabel_handle *rec, const struct selinux_opt *opts,
 	digest_gen_hash(rec->digest);
 
 finish:
+	free(line_buf);
 	fclose(fp);
 	return status;
 }
-- 
2.45.2








