01849d4202
This is an automated DistroBaker update from upstream sources. If you do not know what this is about or would like to opt out, contact the OSCI team. Source: https://src.fedoraproject.org/rpms/libsepol.git#7a48f3506f90b8ae7621c7f8574656b6750f4bd7
82 lines
2.6 KiB
Diff
82 lines
2.6 KiB
Diff
From a2bd2a8ea5ef687e8b4dc2694f7d5e99a1ec2a06 Mon Sep 17 00:00:00 2001
|
|
From: Nicolas Iooss <nicolas.iooss@m4x.org>
|
|
Date: Thu, 12 Nov 2020 21:24:06 +0100
|
|
Subject: [PATCH] libsepol: free memory when realloc() fails
|
|
|
|
In get_class_info(), if realloc(class_buf, new_class_buf_len) fails to
|
|
grow the memory, the function returns NULL without freeing class_buf.
|
|
This leads to a memory leak which is reported by clang's static
|
|
analyzer:
|
|
https://580-118970575-gh.circle-artifacts.com/0/output-scan-build/2020-11-11-194150-6152-1/report-42a899.html#EndPath
|
|
|
|
Fix the memory leak by calling free(class_buf).
|
|
|
|
While at it, use size_t insted of int to store the size of the buffer
|
|
which is growing.
|
|
|
|
Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
|
|
---
|
|
libsepol/src/services.c | 19 +++++++++++--------
|
|
1 file changed, 11 insertions(+), 8 deletions(-)
|
|
|
|
diff --git a/libsepol/src/services.c b/libsepol/src/services.c
|
|
index beb0711f6680..72b39657cd2e 100644
|
|
--- a/libsepol/src/services.c
|
|
+++ b/libsepol/src/services.c
|
|
@@ -312,17 +312,20 @@ static char *get_class_info(sepol_security_class_t tclass,
|
|
else
|
|
state_num = mls + 2;
|
|
|
|
- int class_buf_len = 0;
|
|
- int new_class_buf_len;
|
|
- int len, buf_used;
|
|
+ size_t class_buf_len = 0;
|
|
+ size_t new_class_buf_len;
|
|
+ size_t buf_used;
|
|
+ int len;
|
|
char *class_buf = NULL, *p;
|
|
char *new_class_buf = NULL;
|
|
|
|
while (1) {
|
|
new_class_buf_len = class_buf_len + EXPR_BUF_SIZE;
|
|
new_class_buf = realloc(class_buf, new_class_buf_len);
|
|
- if (!new_class_buf)
|
|
- return NULL;
|
|
+ if (!new_class_buf) {
|
|
+ free(class_buf);
|
|
+ return NULL;
|
|
+ }
|
|
class_buf_len = new_class_buf_len;
|
|
class_buf = new_class_buf;
|
|
buf_used = 0;
|
|
@@ -330,7 +333,7 @@ static char *get_class_info(sepol_security_class_t tclass,
|
|
|
|
/* Add statement type */
|
|
len = snprintf(p, class_buf_len - buf_used, "%s", statements[state_num]);
|
|
- if (len < 0 || len >= class_buf_len - buf_used)
|
|
+ if (len < 0 || (size_t)len >= class_buf_len - buf_used)
|
|
continue;
|
|
|
|
/* Add class entry */
|
|
@@ -338,7 +341,7 @@ static char *get_class_info(sepol_security_class_t tclass,
|
|
buf_used += len;
|
|
len = snprintf(p, class_buf_len - buf_used, "%s ",
|
|
policydb->p_class_val_to_name[tclass - 1]);
|
|
- if (len < 0 || len >= class_buf_len - buf_used)
|
|
+ if (len < 0 || (size_t)len >= class_buf_len - buf_used)
|
|
continue;
|
|
|
|
/* Add permission entries (validatetrans does not have perms) */
|
|
@@ -351,7 +354,7 @@ static char *get_class_info(sepol_security_class_t tclass,
|
|
} else {
|
|
len = snprintf(p, class_buf_len - buf_used, "(");
|
|
}
|
|
- if (len < 0 || len >= class_buf_len - buf_used)
|
|
+ if (len < 0 || (size_t)len >= class_buf_len - buf_used)
|
|
continue;
|
|
break;
|
|
}
|
|
--
|
|
2.29.2
|
|
|