checkpolicy: free extended permission memory
define_te_avtab_xperms_helper() allocates memory for the avrule, while define_te_avtab_ioctl() does not transfer any ownership of it. Free the affected memory. Direct leak of 272 byte(s) in 2 object(s) allocated from: #0 0x49bb8d in __interceptor_malloc (./checkpolicy/checkmodule+0x49bb8d) #1 0x4f379c in define_te_avtab_xperms_helper ./checkpolicy/policy_define.c:2047:24 #2 0x4f379c in define_te_avtab_extended_perms ./checkpolicy/policy_define.c:2469:6 #3 0x4cf417 in yyparse ./checkpolicy/policy_parse.y:494:30 #4 0x4eaf35 in read_source_policy ./checkpolicy/parse_util.c:63:6 #5 0x50cccd in main ./checkpolicy/checkmodule.c:278:7 #6 0x7fbfa455ce49 in __libc_start_main csu/../csu/libc-start.c:314:16 Direct leak of 32 byte(s) in 2 object(s) allocated from: #0 0x49bb8d in __interceptor_malloc (./checkpolicy/checkmodule+0x49bb8d) #1 0x4f4a38 in avrule_sort_ioctls ./checkpolicy/policy_define.c:1844:12 #2 0x4f4a38 in avrule_ioctl_ranges ./checkpolicy/policy_define.c:2021:6 #3 0x4f4a38 in define_te_avtab_ioctl ./checkpolicy/policy_define.c:2399:6 #4 0x4f4a38 in define_te_avtab_extended_perms ./checkpolicy/policy_define.c:2475:7 #5 0x4cf417 in yyparse ./checkpolicy/policy_parse.y:494:30 #6 0x4eaf35 in read_source_policy ./checkpolicy/parse_util.c:63:6 #7 0x50cccd in main ./checkpolicy/checkmodule.c:278:7 #8 0x7fbfa455ce49 in __libc_start_main csu/../csu/libc-start.c:314:16 Reported-by: liwugang <liwugang@163.com> Signed-off-by: Christian Göttsche <cgzones@googlemail.com>
parent
ba18cf0cdf
commit
a0a342c37b
|
@ -2390,7 +2390,7 @@ static int avrule_cpy(avrule_t *dest, const avrule_t *src)
|
||||||
static int define_te_avtab_ioctl(const avrule_t *avrule_template)
|
static int define_te_avtab_ioctl(const avrule_t *avrule_template)
|
||||||
{
|
{
|
||||||
avrule_t *avrule;
|
avrule_t *avrule;
|
||||||
struct av_ioctl_range_list *rangelist;
|
struct av_ioctl_range_list *rangelist, *r;
|
||||||
av_extended_perms_t *complete_driver, *partial_driver, *xperms;
|
av_extended_perms_t *complete_driver, *partial_driver, *xperms;
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
|
|
||||||
|
@ -2448,6 +2448,12 @@ done:
|
||||||
if (partial_driver)
|
if (partial_driver)
|
||||||
free(partial_driver);
|
free(partial_driver);
|
||||||
|
|
||||||
|
while (rangelist != NULL) {
|
||||||
|
r = rangelist;
|
||||||
|
rangelist = rangelist->next;
|
||||||
|
free(r);
|
||||||
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2456,6 +2462,7 @@ int define_te_avtab_extended_perms(int which)
|
||||||
char *id;
|
char *id;
|
||||||
unsigned int i;
|
unsigned int i;
|
||||||
avrule_t *avrule_template;
|
avrule_t *avrule_template;
|
||||||
|
int rc = 0;
|
||||||
|
|
||||||
if (pass == 1) {
|
if (pass == 1) {
|
||||||
for (i = 0; i < 4; i++) {
|
for (i = 0; i < 4; i++) {
|
||||||
|
@ -2471,15 +2478,17 @@ int define_te_avtab_extended_perms(int which)
|
||||||
|
|
||||||
id = queue_remove(id_queue);
|
id = queue_remove(id_queue);
|
||||||
if (strcmp(id,"ioctl") == 0) {
|
if (strcmp(id,"ioctl") == 0) {
|
||||||
free(id);
|
rc = define_te_avtab_ioctl(avrule_template);
|
||||||
if (define_te_avtab_ioctl(avrule_template))
|
|
||||||
return -1;
|
|
||||||
} else {
|
} else {
|
||||||
yyerror("only ioctl extended permissions are supported");
|
yyerror("only ioctl extended permissions are supported");
|
||||||
free(id);
|
rc = -1;
|
||||||
return -1;
|
|
||||||
}
|
}
|
||||||
return 0;
|
|
||||||
|
free(id);
|
||||||
|
avrule_destroy(avrule_template);
|
||||||
|
free(avrule_template);
|
||||||
|
|
||||||
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
||||||
static int define_te_avtab_helper(int which, avrule_t ** rule)
|
static int define_te_avtab_helper(int which, avrule_t ** rule)
|
||||||
|
|
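Review bot: The list free added under `done:` in define_te_avtab_ioctl() sits on a path that ends in an unconditional `return 0;`, so any failure return in the part of the body outside these hunks would presumably bypass it and still leak `rangelist`. `rangelist` is also declared without an initializer, so the new `while (rangelist != NULL)` loop is only safe if every path reaching `done:` has assigned it. Declaring it as `struct av_ioctl_range_list *rangelist = NULL, *r;` and routing error exits through the same cleanup with an `rc` variable, as this commit already does in define_te_avtab_extended_perms(), would cover both cases. Separately, in define_te_avtab_extended_perms() the result of `queue_remove(id_queue)` goes straight into `strcmp()`; if the queue can be empty at that point, a NULL check before the comparison would keep malformed policy source from crashing the compiler.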