[PATCH 5/6] libsepol: cond_read_node resource leak

[serue@xxxxxxxxxx]

This patch fixes a resource leak found by Coverity:

	1. cond_read_node: node was not freed on failure.  I assume
	it was expected the caller would, but the caller didn't.  And
	since there is only one caller, it seemed easier to have do it
	here.

	2. expr is not freed on error before it is appended
	to node.

thanks,
-serge

Index: src/conditional.c
===================================================================
--- src.orig/conditional.c
+++ src/conditional.c
@@ -706,14 +706,14 @@ static int cond_read_node(policydb_t *p,
 
 	buf = next_entry(fp, sizeof(uint32_t));
 	if (!buf)
-		return -1;
+		goto err;
 
 	node->cur_state = le32_to_cpu(buf[0]);
 	
 	len = 0;
 	buf = next_entry(fp, sizeof(uint32_t));
 	if (!buf)
-		return -1;
+		goto err;
 
 	/* expr */
 	len = le32_to_cpu(buf[0]);
@@ -732,8 +732,10 @@ static int cond_read_node(policydb_t *p,
 		expr->expr_type = le32_to_cpu(buf[0]);
 		expr->bool = le32_to_cpu(buf[1]);
 		
-		if (!expr_isvalid(p, expr))
+		if (!expr_isvalid(p, expr)) {
+			free(expr);
 			goto err;
+		}
 
 		if (i == 0) {
 			node->expr = expr;
@@ -758,6 +760,7 @@ static int cond_read_node(policydb_t *p,
 	return 0;
 err:
 	cond_node_destroy(node);
+	free(node);
 	return -1;
 }
 

--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@xxxxxxxxxxxxx with
the words "unsubscribe selinux" without quotes as the message.