| Message ID | 20221205093644.703107-1-lujie54@huawei.com (mailing list archive) |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | [1/3] libselinux: fix potential NULL reference and memory leak in audit2why | expand |
On Mon, Dec 5, 2022 at 7:13 AM Jie Lu <lujie54@huawei.com> wrote: > > In audit2why.c add return check for memory allocation. And free every element > in the boollist when function fails. > > Signed-off-by: Jie Lu <lujie54@huawei.com> > --- > libselinux/src/audit2why.c | 26 ++++++++++++++++++++++++-- > 1 file changed, 24 insertions(+), 2 deletions(-) > > diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c > index ba1a66eb..742b4ff5 100644 > --- a/libselinux/src/audit2why.c > +++ b/libselinux/src/audit2why.c > @@ -55,7 +55,16 @@ static int load_booleans(const sepol_bool_t * boolean, > void *arg __attribute__ ((__unused__))) > { > boollist[boolcnt] = malloc(sizeof(struct boolean_t)); > + if (!boollist[boolcnt]) { > + PyErr_SetString( PyExc_MemoryError, "Out of memory\n"); > + return -1; > + } > boollist[boolcnt]->name = strdup(sepol_bool_get_name(boolean)); > + if (!boollist[boolcnt]->name) { > + PyErr_SetString( PyExc_MemoryError, "Out of memory\n"); > + free(boollist[boolcnt]); > + return -1; > + } > boollist[boolcnt]->active = sepol_bool_get_value(boolean); > boolcnt++; > return 0; > @@ -149,6 +158,11 @@ static int check_booleans(struct boolean_t **bools) > > if (fcnt > 0) { > *bools = calloc(sizeof(struct boolean_t), fcnt + 1); > + if (!*bools) { > + PyErr_SetString( PyExc_MemoryError, "Out of memory\n"); > + free(foundlist); > + return 0; > + } > struct boolean_t *b = *bools; > for (i = 0; i < fcnt; i++) { > int ctr = foundlist[i]; > @@ -278,14 +292,22 @@ static int __policy_init(const char *init_path) > return 0; > > err: > - if (boollist) > - free(boollist); > + if (boollist) { > + for (i = 0; i < boolcnt; i++) { > + free(boollist[i]->name); > + free(boollist[i]); > + } > + free(boollist); > + boollist = NULL; > + boolcnt = 0; > + } i is not declared and it is indented with spaces rather than tabs. Thanks, Jim > if (avc){ > if (avc->handle) > sepol_handle_destroy(avc->handle); > if (avc->policydb) > sepol_policydb_free(avc->policydb); > free(avc); > + avc = NULL; > } > if (pf) > sepol_policy_file_free(pf); > -- > 2.27.0 >
diff --git a/libselinux/src/audit2why.c b/libselinux/src/audit2why.c index ba1a66eb..742b4ff5 100644 --- a/libselinux/src/audit2why.c +++ b/libselinux/src/audit2why.c @@ -55,7 +55,16 @@ static int load_booleans(const sepol_bool_t * boolean, void *arg __attribute__ ((__unused__))) { boollist[boolcnt] = malloc(sizeof(struct boolean_t)); + if (!boollist[boolcnt]) { + PyErr_SetString( PyExc_MemoryError, "Out of memory\n"); + return -1; + } boollist[boolcnt]->name = strdup(sepol_bool_get_name(boolean)); + if (!boollist[boolcnt]->name) { + PyErr_SetString( PyExc_MemoryError, "Out of memory\n"); + free(boollist[boolcnt]); + return -1; + } boollist[boolcnt]->active = sepol_bool_get_value(boolean); boolcnt++; return 0; @@ -149,6 +158,11 @@ static int check_booleans(struct boolean_t **bools) if (fcnt > 0) { *bools = calloc(sizeof(struct boolean_t), fcnt + 1); + if (!*bools) { + PyErr_SetString( PyExc_MemoryError, "Out of memory\n"); + free(foundlist); + return 0; + } struct boolean_t *b = *bools; for (i = 0; i < fcnt; i++) { int ctr = foundlist[i]; @@ -278,14 +292,22 @@ static int __policy_init(const char *init_path) return 0; err: - if (boollist) - free(boollist); + if (boollist) { + for (i = 0; i < boolcnt; i++) { + free(boollist[i]->name); + free(boollist[i]); + } + free(boollist); + boollist = NULL; + boolcnt = 0; + } if (avc){ if (avc->handle) sepol_handle_destroy(avc->handle); if (avc->policydb) sepol_policydb_free(avc->policydb); free(avc); + avc = NULL; } if (pf) sepol_policy_file_free(pf);
In audit2why.c add return check for memory allocation. And free every element in the boollist when function fails. Signed-off-by: Jie Lu <lujie54@huawei.com> --- libselinux/src/audit2why.c | 26 ++++++++++++++++++++++++-- 1 file changed, 24 insertions(+), 2 deletions(-)