libsepol/cil: Fix detected RESOURCE_LEAK (CWE-772)

Message ID 20240430153024.790044-1-vmojzis@redhat.com (mailing list archive)
State New
Delegated to: Petr Lautrbach

Commit Message

Vit Mojzis April 30, 2024, 3:30 p.m. UTC
libsepol-3.6/cil/src/cil_binary.c:902: alloc_fn: Storage is returned from allocation function "cil_malloc".
libsepol-3.6/cil/src/cil_binary.c:902: var_assign: Assigning: "mls_level" = storage returned from "cil_malloc(24UL)".
libsepol-3.6/cil/src/cil_binary.c:903: noescape: Resource "mls_level" is not freed or pointed-to in "mls_level_init".
libsepol-3.6/cil/src/cil_binary.c:905: noescape: Resource "mls_level" is not freed or pointed-to in "mls_level_cpy".
libsepol-3.6/cil/src/cil_binary.c:919: leaked_storage: Variable "mls_level" going out of scope leaks the storage it points to.

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
---
 libsepol/cil/src/cil_binary.c | 1 +
 1 file changed, 1 insertion(+)

Comments

James Carter April 30, 2024, 5:31 p.m. UTC | #1
On Tue, Apr 30, 2024 at 11:34 AM Vit Mojzis <vmojzis@redhat.com> wrote:
>
> libsepol-3.6/cil/src/cil_binary.c:902: alloc_fn: Storage is returned from allocation function "cil_malloc".
> libsepol-3.6/cil/src/cil_binary.c:902: var_assign: Assigning: "mls_level" = storage returned from "cil_malloc(24UL)".
> libsepol-3.6/cil/src/cil_binary.c:903: noescape: Resource "mls_level" is not freed or pointed-to in "mls_level_init".
> libsepol-3.6/cil/src/cil_binary.c:905: noescape: Resource "mls_level" is not freed or pointed-to in "mls_level_cpy".
> libsepol-3.6/cil/src/cil_binary.c:919: leaked_storage: Variable "mls_level" going out of scope leaks the storage it points to.
>
> Signed-off-by: Vit Mojzis <vmojzis@redhat.com>

Acked-by: James Carter <jwcart2@gmail.com>

> ---
>  libsepol/cil/src/cil_binary.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
> index 95bd18ba..c8144a5a 100644
> --- a/libsepol/cil/src/cil_binary.c
> +++ b/libsepol/cil/src/cil_binary.c
> @@ -904,6 +904,7 @@ static int cil_sensalias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alia
>
>         rc = mls_level_cpy(mls_level, sepol_level->level);
>         if (rc != SEPOL_OK) {
> +               free(mls_level);
>                 goto exit;
>         }
>         sepol_alias->level = mls_level;
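Review bot: Consider moving the cleanup out of the `if (rc != SEPOL_OK)` branch and to the `exit` label that the function already jumps to. Setting `mls_level` to NULL once `sepol_alias->level = mls_level;` has handed it over lets a single `free(mls_level);` at `exit` cover every error path, because `free(NULL)` is a no-op. A failure check added later between the allocation and the hand-off would then not bring the leak back.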
> --
> 2.43.0
>
>
James Carter May 2, 2024, 6:06 p.m. UTC | #2
On Tue, Apr 30, 2024 at 1:31 PM James Carter <jwcart2@gmail.com> wrote:
>
> On Tue, Apr 30, 2024 at 11:34 AM Vit Mojzis <vmojzis@redhat.com> wrote:
> >
> > libsepol-3.6/cil/src/cil_binary.c:902: alloc_fn: Storage is returned from allocation function "cil_malloc".
> > libsepol-3.6/cil/src/cil_binary.c:902: var_assign: Assigning: "mls_level" = storage returned from "cil_malloc(24UL)".
> > libsepol-3.6/cil/src/cil_binary.c:903: noescape: Resource "mls_level" is not freed or pointed-to in "mls_level_init".
> > libsepol-3.6/cil/src/cil_binary.c:905: noescape: Resource "mls_level" is not freed or pointed-to in "mls_level_cpy".
> > libsepol-3.6/cil/src/cil_binary.c:919: leaked_storage: Variable "mls_level" going out of scope leaks the storage it points to.
> >
> > Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
>
> Acked-by: James Carter <jwcart2@gmail.com>
>

Merged.
Thanks,
Jim

> > ---
> >  libsepol/cil/src/cil_binary.c | 1 +
> >  1 file changed, 1 insertion(+)
> >
> > diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
> > index 95bd18ba..c8144a5a 100644
> > --- a/libsepol/cil/src/cil_binary.c
> > +++ b/libsepol/cil/src/cil_binary.c
> > @@ -904,6 +904,7 @@ static int cil_sensalias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alia
> >
> >         rc = mls_level_cpy(mls_level, sepol_level->level);
> >         if (rc != SEPOL_OK) {
> > +               free(mls_level);
> >                 goto exit;
> >         }
> >         sepol_alias->level = mls_level;
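Review bot: Nothing at the added `free(mls_level);` or in the commit message, which carries only the scanner output, says where ownership of the level changes hands. A one-line comment at `sepol_alias->level = mls_level;` stating that the alias owns the level from that point would explain why only the failure branch frees it.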
> > --
> > 2.43.0
> >
> >
Patch

diff --git a/libsepol/cil/src/cil_binary.c b/libsepol/cil/src/cil_binary.c
index 95bd18ba..c8144a5a 100644
--- a/libsepol/cil/src/cil_binary.c
+++ b/libsepol/cil/src/cil_binary.c
@@ -904,6 +904,7 @@  static int cil_sensalias_to_policydb(policydb_t *pdb, struct cil_alias *cil_alia
 
 	rc = mls_level_cpy(mls_level, sepol_level->level);
 	if (rc != SEPOL_OK) {
+		free(mls_level);
 		goto exit;
 	}
 	sepol_alias->level = mls_level;
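Review bot: The added `free(mls_level);` in the `rc != SEPOL_OK` branch releases only the struct itself, not anything the level may hold internally. By this point `mls_level_init()` has run on it and `mls_level_cpy()` may have begun copying the category bitmap before it failed, so it is worth confirming that a failed copy leaves nothing allocated inside the level. If that is not guaranteed, call `mls_level_destroy(mls_level);` before the `free()`.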