| Message ID | 20230420151500.23679-1-cgzones@googlemail.com (mailing list archive) |
|---|---|
| State | Accepted |
| Commit | 3be312e0cf2c |
| Delegated to: | Petr Lautrbach |
| Headers | show |
| Series | [RESEND] libsemanage: fix memory leak in semanage_user_roles | expand |
On Thu, Apr 20, 2023 at 11:25 AM Christian Göttsche <cgzones@googlemail.com> wrote: > > The output parameter `role_arr` of semanage_user_get_roles() is an array > of non-owned role names. Since the array is never used again, as its > contents have been copied into the return value `roles`, free it. > > Example leak report from useradd(8): > > Direct leak of 8 byte(s) in 1 object(s) allocated from: > #0 0x5597624284a8 in __interceptor_calloc (./shadow/src/useradd+0xee4a8) > #1 0x7f53aefcbbf9 in sepol_user_get_roles src/user_record.c:270:21 > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> Acked-by: James Carter <jwcart2@gmail.com> > --- > same as v1, only signed-of > --- > libsemanage/src/seusers_local.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/libsemanage/src/seusers_local.c b/libsemanage/src/seusers_local.c > index 6508ec05..795a33d6 100644 > --- a/libsemanage/src/seusers_local.c > +++ b/libsemanage/src/seusers_local.c > @@ -47,6 +47,7 @@ static char *semanage_user_roles(semanage_handle_t * handle, const char *sename) > } > } > } > + free(roles_arr); > } > semanage_user_free(user); > } > -- > 2.40.0 >
On Thu, Apr 20, 2023 at 4:58 PM James Carter <jwcart2@gmail.com> wrote: > > On Thu, Apr 20, 2023 at 11:25 AM Christian Göttsche > <cgzones@googlemail.com> wrote: > > > > The output parameter `role_arr` of semanage_user_get_roles() is an array > > of non-owned role names. Since the array is never used again, as its > > contents have been copied into the return value `roles`, free it. > > > > Example leak report from useradd(8): > > > > Direct leak of 8 byte(s) in 1 object(s) allocated from: > > #0 0x5597624284a8 in __interceptor_calloc (./shadow/src/useradd+0xee4a8) > > #1 0x7f53aefcbbf9 in sepol_user_get_roles src/user_record.c:270:21 > > > > Signed-off-by: Christian Göttsche <cgzones@googlemail.com> > > Acked-by: James Carter <jwcart2@gmail.com> > Merged. Thanks, Jim > > --- > > same as v1, only signed-of > > --- > > libsemanage/src/seusers_local.c | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/libsemanage/src/seusers_local.c b/libsemanage/src/seusers_local.c > > index 6508ec05..795a33d6 100644 > > --- a/libsemanage/src/seusers_local.c > > +++ b/libsemanage/src/seusers_local.c > > @@ -47,6 +47,7 @@ static char *semanage_user_roles(semanage_handle_t * handle, const char *sename) > > } > > } > > } > > + free(roles_arr); > > } > > semanage_user_free(user); > > } > > -- > > 2.40.0 > >
diff --git a/libsemanage/src/seusers_local.c b/libsemanage/src/seusers_local.c index 6508ec05..795a33d6 100644 --- a/libsemanage/src/seusers_local.c +++ b/libsemanage/src/seusers_local.c @@ -47,6 +47,7 @@ static char *semanage_user_roles(semanage_handle_t * handle, const char *sename) } } } + free(roles_arr); } semanage_user_free(user); }
The output parameter `role_arr` of semanage_user_get_roles() is an array of non-owned role names. Since the array is never used again, as its contents have been copied into the return value `roles`, free it. Example leak report from useradd(8): Direct leak of 8 byte(s) in 1 object(s) allocated from: #0 0x5597624284a8 in __interceptor_calloc (./shadow/src/useradd+0xee4a8) #1 0x7f53aefcbbf9 in sepol_user_get_roles src/user_record.c:270:21 Signed-off-by: Christian Göttsche <cgzones@googlemail.com> --- same as v1, only signed-of --- libsemanage/src/seusers_local.c | 1 + 1 file changed, 1 insertion(+)