Message ID | 20240430153024.790044-1-vmojzis@redhat.com (mailing list archive) |
---|---|
State | Accepted |
Commit | 2771dc43291f |
Delegated to: | Petr Lautrbach |
Series | libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772) |
On Tue, Apr 30, 2024 at 11:34 AM Vit Mojzis <vmojzis@redhat.com> wrote: > > libsepol-3.6/cil/src/cil_binary.c:902: alloc_fn: Storage is returned from allocation function "cil_malloc". > libsepol-3.6/cil/src/cil_binary.c:902: var_assign: Assigning: "mls_level" = storage returned from "cil_malloc(24UL)". > libsepol-3.6/cil/src/cil_binary.c:903: noescape: Resource "mls_level" is not freed or pointed-to in "mls_level_init". > libsepol-3.6/cil/src/cil_binary.c:905: noescape: Resource "mls_level" is not freed or pointed-to in "mls_level_cpy". > libsepol-3.6/cil/src/cil_binary.c:919: leaked_storage: Variable "mls_level" going out of scope leaks the storage it points to. > > Signed-off-by: Vit Mojzis <vmojzis@redhat.com> Acked-by: James Carter <jwcart2@gmail.com> > --- > libsepol/cil/src/cil_binary.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c > index 95bd18ba..c8144a5a 100644 > --- a/libsepol/cil/src/cil_binary.c > +++ b/libsepol/cil/src/cil_binary.c > @@ -904,6 +904,7 @@ static int cil_sensalias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alia > > rc = mls_level_cpy(mls_level, sepol_level->level); > if (rc != SEPOL_OK) { > + free(mls_level); > goto exit; > } > sepol_alias->level = mls_level; > -- > 2.43.0 > >
On Tue, Apr 30, 2024 at 1:31 PM James Carter <jwcart2@gmail.com> wrote: > > On Tue, Apr 30, 2024 at 11:34 AM Vit Mojzis <vmojzis@redhat.com> wrote: > > > > libsepol-3.6/cil/src/cil_binary.c:902: alloc_fn: Storage is returned from allocation function "cil_malloc". > > libsepol-3.6/cil/src/cil_binary.c:902: var_assign: Assigning: "mls_level" = storage returned from "cil_malloc(24UL)". > > libsepol-3.6/cil/src/cil_binary.c:903: noescape: Resource "mls_level" is not freed or pointed-to in "mls_level_init". > > libsepol-3.6/cil/src/cil_binary.c:905: noescape: Resource "mls_level" is not freed or pointed-to in "mls_level_cpy". > > libsepol-3.6/cil/src/cil_binary.c:919: leaked_storage: Variable "mls_level" going out of scope leaks the storage it points to. > > > > Signed-off-by: Vit Mojzis <vmojzis@redhat.com> > > Acked-by: James Carter <jwcart2@gmail.com> > Merged. Thanks, Jim > > --- > > libsepol/cil/src/cil_binary.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c > > index 95bd18ba..c8144a5a 100644 > > --- a/libsepol/cil/src/cil_binary.c > > +++ b/libsepol/cil/src/cil_binary.c > > @@ -904,6 +904,7 @@ static int cil_sensalias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alia > > > > rc = mls_level_cpy(mls_level, sepol_level->level); > > if (rc != SEPOL_OK) { > > + free(mls_level); > > goto exit; > > } > > sepol_alias->level = mls_level; > > -- > > 2.43.0 > > > >
diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c index 95bd18ba..c8144a5a 100644 --- a/libsepol/cil/src/cil_binary.c +++ b/libsepol/cil/src/cil_binary.c @@ -904,6 +904,7 @@ static int cil_sensalias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alia rc = mls_level_cpy(mls_level, sepol_level->level); if (rc != SEPOL_OK) { + free(mls_level); goto exit; } sepol_alias->level = mls_level;
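Review bot: the added free(mls_level) on the mls_level_cpy() failure branch releases only the outer allocation, and the visible lines do not show whether mls_level_cpy() cleans up anything it attached to the level before returning an error. If it can fail after partially populating the level (for example its category bitmap), calling mls_level_destroy(mls_level) before free(mls_level) would cover that case. Otherwise a short comment or a sentence in the commit message stating that mls_level_cpy() leaves nothing allocated on failure would settle it. The commit message also carries only the Coverity trace, so one line saying which path leaked and why ownership has not yet passed to sepol_alias->level at this point would help later readers.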
libsepol-3.6/cil/src/cil_binary.c:902: alloc_fn: Storage is returned from allocation function "cil_malloc".
libsepol-3.6/cil/src/cil_binary.c:902: var_assign: Assigning: "mls_level" = storage returned from "cil_malloc(24UL)".
libsepol-3.6/cil/src/cil_binary.c:903: noescape: Resource "mls_level" is not freed or pointed-to in "mls_level_init".
libsepol-3.6/cil/src/cil_binary.c:905: noescape: Resource "mls_level" is not freed or pointed-to in "mls_level_cpy".
libsepol-3.6/cil/src/cil_binary.c:919: leaked_storage: Variable "mls_level" going out of scope leaks the storage it points to.

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 libsepol/cil/src/cil_binary.c | 1 +
 1 file changed, 1 insertion(+)