From 474b271b1b4962356eaff891bcbd6422b965b564 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20G=C3=B6ttsche?=
Date: Wed, 15 Sep 2021 15:19:52 +0200
Subject: [PATCH] libsepol: free memory after policy validation
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Found while running the checkpolicy/test/dispol binary.
Direct leak of 24 byte(s) in 1 object(s) allocated from:
#0 0x49bacd in __interceptor_malloc (./checkpolicy/test/dispol+0x49bacd)
#1 0x5551e1 in ebitmap_set_bit ./libsepol/src/ebitmap.c:326:27
#2 0x517873 in create_gap_ebitmap ./libsepol/src/policydb_validate.c:23:8
#3 0x517873 in validate_init ./libsepol/src/policydb_validate.c:34:6
#4 0x50fa47 in validate_array_init ./libsepol/src/policydb_validate.c:44:6
#5 0x50fa47 in validate_policydb ./libsepol/src/policydb_validate.c:732:6
#6 0x4f22df in policydb_read ./libsepol/src/policydb.c:4538:6
#7 0x4cddb3 in main ./checkpolicy/test/dispol.c:437:8
#8 0x7f5980e47e49 in __libc_start_main csu/../csu/libc-start.c:314:16
Indirect leak of 48 byte(s) in 2 object(s) allocated from:
#0 0x49bacd in __interceptor_malloc (./checkpolicy/test/dispol+0x49bacd)
#1 0x5551e1 in ebitmap_set_bit ./libsepol/src/ebitmap.c:326:27
#2 0x517873 in create_gap_ebitmap ./libsepol/src/policydb_validate.c:23:8
#3 0x517873 in validate_init ./libsepol/src/policydb_validate.c:34:6
#4 0x50fa47 in validate_array_init ./libsepol/src/policydb_validate.c:44:6
#5 0x50fa47 in validate_policydb ./libsepol/src/policydb_validate.c:732:6
#6 0x4f22df in policydb_read ./libsepol/src/policydb.c:4538:6
#7 0x4cddb3 in main ./checkpolicy/test/dispol.c:437:8
#8 0x7f5980e47e49 in __libc_start_main csu/../csu/libc-start.c:314:16
Signed-off-by: Christian Göttsche
---
 libsepol/src/policydb_validate.c | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/libsepol/src/policydb_validate.c b/libsepol/src/policydb_validate.c
index 246aa6e3..5804d247 100644
--- a/libsepol/src/policydb_validate.c
+++ b/libsepol/src/policydb_validate.c
@@ -722,12 +722,21 @@ bad:
 return -1;
 }

+static void validate_array_destroy(validate_t flavors[])
+{
+ unsigned int i;
+
+ for (i = 0; i < SYM_NUM; i++) {
+ ebitmap_destroy(&flavors[i].gaps);
+ }
+}
+
 /*
 * Validate policydb
 */
 int validate_policydb(sepol_handle_t *handle, policydb_t *p)
 {
- validate_t flavors[SYM_NUM];
+ validate_t flavors[SYM_NUM] = {};

 if (validate_array_init(p, flavors))
 goto bad;
@@ -756,9 +765,12 @@ int validate_policydb(sepol_handle_t *handle, policydb_t *p)
 if (validate_datum_arrays(handle, p, flavors))
 goto bad;

+ validate_array_destroy(flavors);
+
 return 0;

 bad:
 ERR(handle, "Invalid policydb");
+ validate_array_destroy(flavors);
 return -1;
 }
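Review bot: The cleanup on the `bad:` path is only safe because of the new `= {}` initializer on `flavors`, and nothing at the declaration says so. When `validate_array_init(p, flavors)` fails, `validate_array_destroy()` still runs `ebitmap_destroy()` over all `SYM_NUM` entries, presumably including ones that were never set up; this relies on `ebitmap_destroy()` accepting an all-zero ebitmap, which is not visible in this hunk. A comment above the declaration would keep a later tidy-up from removing the initializer on a parser that reads untrusted policy images, for example `/* zeroed so validate_array_destroy() is safe after a partial validate_array_init() */`. The empty initializer `{}` is also standard only from C23 (GCC and Clang accept it as an extension), so `{ 0 }` is the portable spelling if strict ISO C matters here. The body of validate_policydb continues outside this hunk.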
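Review bot: The call to `validate_array_destroy(flavors)` is duplicated on the success path and under `bad:`, so a later early `return` added between the checks would quietly reintroduce the leak this patch fixes. A single exit keeps the release in one place: declare `int rc = -1;` at the top, end the success path with `rc = 0; goto out;`, and after the `ERR()` line fall through to `out: validate_array_destroy(flavors); return rc;`. The start of validate_policydb and most of its validation calls lie outside this hunk, so any existing direct returns there would need the same treatment.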