[1/3] libsepol: do not free attr_name twice

Commit Message

Nicolas Iooss April 10, 2017, 7:11 p.m. UTC

When set_to_names() fails to allocate *names, it frees variable
attr_name even though it either came from attr_list or was newly created
and added to attr_list. By doing so, the name is freed a second time
when attr_list is destroyed (with "attr_list_destroy(&attr_list)").

Avoid this double free by not freeing attr_name when it belongs to
attr_list.

This issue has been found using clang's static analyzer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 libsepol/src/module_to_cil.c | 1 -
 1 file changed, 1 deletion(-)

Patch

diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
index 3f633fbb0a3f..18b2a6f86fe3 100644
--- a/libsepol/src/module_to_cil.c
+++ b/libsepol/src/module_to_cil.c
@@ -962,7 +962,6 @@  static int set_to_names(struct policydb *pdb, int is_type, void *set, struct lis
 	*names = malloc(sizeof(char *));
 	if (!*names) {
 		log_err("Out of memory");
-		free(attr_name);
 		rc = -1;
 		goto exit;
 	}