| Message ID | 20221205093644.703107-2-lujie54@huawei.com (mailing list archive) |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | [1/3] libselinux: fix potential NULL reference and memory leak in audit2why | expand |
On Mon, Dec 5, 2022 at 7:13 AM Jie Lu <lujie54@huawei.com> wrote: > > In common_copy_callback(), destroy new_common->permissions when the function fails. > > Signed-off-by: Jie Lu <lujie54@huawei.com> > --- > libsepol/src/expand.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c > index 8d19850e..b44cfd4f 100644 > --- a/libsepol/src/expand.c > +++ b/libsepol/src/expand.c > @@ -297,6 +297,7 @@ static int common_copy_callback(hashtab_key_t key, hashtab_datum_t datum, > (hashtab_datum_t) new_common); > if (ret) { > ERR(state->handle, "hashtab overflow"); > + symtab_destroy(&new_common->permissions); > free(new_common); > free(new_id); > return -1; The call to hashtab_map() below this also needs similar cleanup if there is an error. In fact, this whole function really needs common cleanup code with a goto that code upon an error. Thanks, Jim > -- > 2.27.0 >
diff --git a/libsepol/src/expand.c b/libsepol/src/expand.c index 8d19850e..b44cfd4f 100644 --- a/libsepol/src/expand.c +++ b/libsepol/src/expand.c @@ -297,6 +297,7 @@ static int common_copy_callback(hashtab_key_t key, hashtab_datum_t datum, (hashtab_datum_t) new_common); if (ret) { ERR(state->handle, "hashtab overflow"); + symtab_destroy(&new_common->permissions); free(new_common); free(new_id); return -1;
In common_copy_callback(), destroy new_common->permissions when the function fails. Signed-off-by: Jie Lu <lujie54@huawei.com> --- libsepol/src/expand.c | 1 + 1 file changed, 1 insertion(+)