
[3/5] checkpolicy: fix memory leaks in genfscon statements parsing

Message ID 20161226211832.7165-3-nicolas.iooss@m4x.org (mailing list archive)
State Not Applicable

Commit Message

Nicolas Iooss Dec. 26, 2016, 9:18 p.m. UTC
When parsing several genfscon statements for the same filesystem, the
content of local variable "fstype" is never freed. Moreover variable
"type" is never freed when define_genfs_context_helper() succeeds.

Fix these leaks by calling free() appropriately.

These leaks have been detected with gcc Address Sanitizer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 checkpolicy/policy_define.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

Comments

James Carter Jan. 6, 2017, 7:27 p.m. UTC | #1
On 12/26/2016 04:18 PM, Nicolas Iooss wrote:
> When parsing several genfscon statements for the same filesystem, the
> content of local variable "fstype" is never freed. Moreover variable
> "type" is never freed when define_genfs_context_helper() succeeds.
>
> Fix these leaks by calling free() appropriately.
>
> These leaks have been detected with gcc Address Sanitizer.
>
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Applied.

Thanks,

> ---
>  checkpolicy/policy_define.c | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
> index ff902787c2aa..780e325af65d 100644
> --- a/checkpolicy/policy_define.c
> +++ b/checkpolicy/policy_define.c
> @@ -5288,6 +5288,9 @@ int define_genfs_context_helper(char *fstype, int has_type)
>  		else
>  			policydbp->genfs = newgenfs;
>  		genfs = newgenfs;
> +	} else {
> +		free(fstype);
> +		fstype = NULL;
>  	}
>
>  	newc = (ocontext_t *) malloc(sizeof(ocontext_t));
> @@ -5345,7 +5348,7 @@ int define_genfs_context_helper(char *fstype, int has_type)
>  		    (!newc->v.sclass || !c->v.sclass
>  		     || newc->v.sclass == c->v.sclass)) {
>  			yyerror2("duplicate entry for genfs entry (%s, %s)",
> -				 fstype, newc->u.name);
> +				 genfs->fstype, newc->u.name);
>  			goto fail;
>  		}
>  		len = strlen(newc->u.name);
> @@ -5359,6 +5362,7 @@ int define_genfs_context_helper(char *fstype, int has_type)
>  		p->next = newc;
>  	else
>  		genfs->head = newc;
> +	free(type);
>  	return 0;
>        fail:
>  	if (type)
>

Patch

diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index ff902787c2aa..780e325af65d 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -5288,6 +5288,9 @@  int define_genfs_context_helper(char *fstype, int has_type)
 		else
 			policydbp->genfs = newgenfs;
 		genfs = newgenfs;
+	} else {
+		free(fstype);
+		fstype = NULL;
 	}
 
 	newc = (ocontext_t *) malloc(sizeof(ocontext_t));
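Review bot: After this hunk the two branches leave `fstype` in different states: it is freed and set to NULL when the filesystem entry already exists, but stays non-NULL in the branch that creates `newgenfs`, where the string presumably now belongs to the new list entry (that assignment is above the hunk and not visible here). If the `fail:` cleanup, whose body continues outside the visible lines, frees `fstype` when it is non-NULL, an error after a fresh entry was linked into `policydbp->genfs` would leave that entry pointing at freed memory. Consider clearing the local in the first branch as well, `fstype = NULL;` right after `genfs = newgenfs;`, with a comment such as `/* ownership of fstype moved to newgenfs */`, so that later cleanup can never free a string the list still references.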
@@ -5345,7 +5348,7 @@  int define_genfs_context_helper(char *fstype, int has_type)
 		    (!newc->v.sclass || !c->v.sclass
 		     || newc->v.sclass == c->v.sclass)) {
 			yyerror2("duplicate entry for genfs entry (%s, %s)",
-				 fstype, newc->u.name);
+				 genfs->fstype, newc->u.name);
 			goto fail;
 		}
 		len = strlen(newc->u.name);
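Review bot: Nothing at the `yyerror2` call says why it reads `genfs->fstype` instead of the `fstype` parameter, so the change is easy to undo by accident. Whenever the filesystem entry already existed, the parameter has been freed and set to NULL earlier in the function, and passing it to `%s` would hand a null pointer to the formatter. A one-line comment above the call would guard against that regression, for example `/* fstype may already be freed and NULL here; genfs->fstype is the live copy */`. The enclosing loop starts outside the hunk.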
@@ -5359,6 +5362,7 @@  int define_genfs_context_helper(char *fstype, int has_type)
 		p->next = newc;
 	else
 		genfs->head = newc;
+	free(type);
 	return 0;
       fail:
 	if (type)