[PATCH 3/6] libsepol: resource leaks in policydb.c
This patch fixes 2 resource leaks found by Coverity in policydb.c.
1. in avrule_read(), the 'cur' element has been malloc'ed
but not yet added to the avrule->perms list at one point
when we jump to bad:
2. 'key' is not freed in one case in scope_read().
The second point makes me wonder - is scope_destroy() fully
implemented? It takes 'key' as an argument, but does nothing with
it. Same with its third arg. Of course, they both have attribute
unused...
Hmm, I see now my formatting is not matching what's in the original
file... I'll fix them by hand as I'm mailing them, and try to get
it right next time.
thanks,
-serge
Index: src/policydb.c
===================================================================
--- src.orig/policydb.c
+++ src/policydb.c
@@ -2027,8 +2027,10 @@ static avrule_t *avrule_read(policydb_t
class_perm_node_init(cur);
buf = next_entry(fp, sizeof(uint32_t) * 2);
- if (!buf)
+ if (!buf) {
+ free(cur);
goto bad;
+ }
cur->class = le32_to_cpu(buf[0]);
cur->data = le32_to_cpu(buf[1]);
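Review bot: in the `if (!buf)` branch, `free(cur);` is only correct while `cur` is still unlinked from the `avrule->perms` list at this point, which is what the description states. A one-line comment above `free(cur);` saying so would guard against a double free if the list insertion is ever moved ahead of this `next_entry()` call and the cleanup at `bad:` also walks that list. The alternative is to link `cur` into the list before the read, so that the `bad:` path owns it in every case and no special-case free is needed here.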
@@ -2363,7 +2365,8 @@ static int scope_read(policydb_t * p, ha
if (strcmp(key, "object_r") == 0 && h == p->p_roles_scope.table) {
/* object_r was already added to this table in roles_init() */
- scope_destroy(key, scope, NULL);
+ free(key);
+ scope_destroy(NULL, scope, NULL);
}
else {
if (hashtab_insert(h, key, scope)) {
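Review bot: `free(key);` followed by `scope_destroy(NULL, scope, NULL);` leaves ownership of the key split between this caller and `scope_destroy()`, which takes a key argument but, per the description, does nothing with it. Having `scope_destroy()` free the key itself would let the original `scope_destroy(key, scope, NULL)` call stand and keep the cleanup in one place, but that needs a check of every other caller first, since any of them that passes a key it does not own would then free it wrongly. If the split is kept, add a comment on `free(key);` explaining that `scope_destroy()` ignores its first argument, so the reason for passing `NULL` is clear to the next reader.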
--