
[2/5] checkpolicy: free id in define_port_context()

Message ID 20161226211832.7165-2-nicolas.iooss@m4x.org (mailing list archive)
State Not Applicable

Commit Message

Nicolas Iooss Dec. 26, 2016, 9:18 p.m. UTC
Variable id is almost never freed in define_port_context().

This leak has been detected with gcc Address Sanitizer.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 checkpolicy/policy_define.c | 5 +++++
 1 file changed, 5 insertions(+)

Comments

James Carter Jan. 6, 2017, 7:26 p.m. UTC | #1
On 12/26/2016 04:18 PM, Nicolas Iooss wrote:
> Variable id is almost never freed in define_port_context().
>
> This leak has been detected with gcc Address Sanitizer.
>
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
> ---
>  checkpolicy/policy_define.c | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
> index 2ad98c3c851e..ff902787c2aa 100644
> --- a/checkpolicy/policy_define.c
> +++ b/checkpolicy/policy_define.c
> @@ -4899,6 +4899,7 @@ int define_port_context(unsigned int low, unsigned int high)
>  		protocol = IPPROTO_DCCP;
>  	} else {
>  		yyerror2("unrecognized protocol %s", id);
> +		free(id);
>  		free(newc);
>  		return -1;
>  	}
> @@ -4909,11 +4910,13 @@ int define_port_context(unsigned int low, unsigned int high)
>
>  	if (low > high) {
>  		yyerror2("low port %d exceeds high port %d", low, high);
> +		free(id);
>  		free(newc);
>  		return -1;
>  	}
>
>  	if (parse_security_context(&newc->context[0])) {
> +		free(id);
>  		free(newc);
>  		return -1;
>  	}

Applied, but for the three above I changed it to "goto bad;" which has both 
frees and returns -1.

Thanks,

> @@ -4945,9 +4948,11 @@ int define_port_context(unsigned int low, unsigned int high)
>  	else
>  		policydbp->ocontexts[OCON_PORT] = newc;
>
> +	free(id);
>  	return 0;
>
>        bad:
> +	free(id);
>  	free(newc);
>  	return -1;
>  }
>

Patch

diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c
index 2ad98c3c851e..ff902787c2aa 100644
--- a/checkpolicy/policy_define.c
+++ b/checkpolicy/policy_define.c
@@ -4899,6 +4899,7 @@  int define_port_context(unsigned int low, unsigned int high)
 		protocol = IPPROTO_DCCP;
 	} else {
 		yyerror2("unrecognized protocol %s", id);
+		free(id);
 		free(newc);
 		return -1;
 	}
@@ -4909,11 +4910,13 @@  int define_port_context(unsigned int low, unsigned int high)
 
 	if (low > high) {
 		yyerror2("low port %d exceeds high port %d", low, high);
+		free(id);
 		free(newc);
 		return -1;
 	}
 
 	if (parse_security_context(&newc->context[0])) {
+		free(id);
 		free(newc);
 		return -1;
 	}
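Review bot: The context line `yyerror2("low port %d exceeds high port %d", low, high);` formats the `unsigned int` parameters `low` and `high` with `%d`, so a value above INT_MAX would show up as a negative port in the diagnostic; the commit leaves this as it was. Assuming yyerror2 takes printf-style formats, as its `%s` use in the previous hunk suggests, the specifiers should match the argument type: `yyerror2("low port %u exceeds high port %u", low, high);`. define_port_context() begins and ends outside this hunk.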
@@ -4945,9 +4948,11 @@  int define_port_context(unsigned int low, unsigned int high)
 	else
 		policydbp->ocontexts[OCON_PORT] = newc;
 
+	free(id);
 	return 0;
 
       bad:
+	free(id);
 	free(newc);
 	return -1;
 }
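Review bot: With `free(id);` now under the `bad:` label, every `goto bad` in define_port_context() has to be reached only after `id` has been assigned, and those jumps lie outside this hunk, so the diff alone cannot confirm it. If any of them can run before the assignment, the label would free an indeterminate pointer; declaring the variable as `char *id = NULL;` keeps the shared cleanup safe on every path, since free(NULL) is a no-op. A short comment at the declaration such as `/* owned by this function; freed on every exit */` would record the ownership rule this patch establishes.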