mirror of
https://github.com/SELinuxProject/selinux
synced 2025-02-18 02:26:59 +00:00
checkpolicy: free id where it was leaked
Several functions in policy_define.c do not free id after handling it. Add the missing free(id) statements. The places where free(id) was missing were found both with gcc Address Sanitizer and manual code inspection. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss
James Carter
parent
47f61b0ee9
commit
c1ba831122
@ -1232,6 +1232,7 @@ int define_typealias(void)
|
|||||||
free(id);
|
free(id);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
free(id);
|
||||||
return add_aliases_to_type(t);
|
return add_aliases_to_type(t);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1263,6 +1264,7 @@ int define_typeattribute(void)
|
|||||||
free(id);
|
free(id);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
free(id);
|
||||||
|
|
||||||
while ((id = queue_remove(id_queue))) {
|
while ((id = queue_remove(id_queue))) {
|
||||||
if (!is_id_in_scope(SYM_TYPES, id)) {
|
if (!is_id_in_scope(SYM_TYPES, id)) {
|
||||||
@ -1459,25 +1461,25 @@ static int set_types(type_set_t * set, char *id, int *add, char starallowed)
|
|||||||
type_datum_t *t;
|
type_datum_t *t;
|
||||||
|
|
||||||
if (strcmp(id, "*") == 0) {
|
if (strcmp(id, "*") == 0) {
|
||||||
|
free(id);
|
||||||
if (!starallowed) {
|
if (!starallowed) {
|
||||||
yyerror("* not allowed in this type of rule");
|
yyerror("* not allowed in this type of rule");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
/* set TYPE_STAR flag */
|
/* set TYPE_STAR flag */
|
||||||
set->flags = TYPE_STAR;
|
set->flags = TYPE_STAR;
|
||||||
free(id);
|
|
||||||
*add = 1;
|
*add = 1;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (strcmp(id, "~") == 0) {
|
if (strcmp(id, "~") == 0) {
|
||||||
|
free(id);
|
||||||
if (!starallowed) {
|
if (!starallowed) {
|
||||||
yyerror("~ not allowed in this type of rule");
|
yyerror("~ not allowed in this type of rule");
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
/* complement the set */
|
/* complement the set */
|
||||||
set->flags = TYPE_COMP;
|
set->flags = TYPE_COMP;
|
||||||
free(id);
|
|
||||||
*add = 1;
|
*add = 1;
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
@ -1570,8 +1572,10 @@ int define_compute_type_helper(int which, avrule_t ** rule)
|
|||||||
(hashtab_key_t) id);
|
(hashtab_key_t) id);
|
||||||
if (!datum || datum->flavor == TYPE_ATTRIB) {
|
if (!datum || datum->flavor == TYPE_ATTRIB) {
|
||||||
yyerror2("unknown type %s", id);
|
yyerror2("unknown type %s", id);
|
||||||
|
free(id);
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
|
free(id);
|
||||||
|
|
||||||
ebitmap_for_each_bit(&tclasses, node, i) {
|
ebitmap_for_each_bit(&tclasses, node, i) {
|
||||||
if (ebitmap_node_get_bit(node, i)) {
|
if (ebitmap_node_get_bit(node, i)) {
|
||||||
@ -2008,6 +2012,7 @@ int define_te_avtab_xperms_helper(int which, avrule_t ** rule)
|
|||||||
(class_perm_node_t *) malloc(sizeof(class_perm_node_t));
|
(class_perm_node_t *) malloc(sizeof(class_perm_node_t));
|
||||||
if (!cur_perms) {
|
if (!cur_perms) {
|
||||||
yyerror("out of memory");
|
yyerror("out of memory");
|
||||||
|
free(id);
|
||||||
ret = -1;
|
ret = -1;
|
||||||
goto out;
|
goto out;
|
||||||
}
|
}
|
||||||
@ -2043,6 +2048,7 @@ int define_te_avtab_xperms_helper(int which, avrule_t ** rule)
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
free(id);
|
||||||
ebitmap_destroy(&tclasses);
|
ebitmap_destroy(&tclasses);
|
||||||
|
|
||||||
avrule->perms = perms;
|
avrule->perms = perms;
|
||||||
@ -2389,11 +2395,12 @@ int define_te_avtab_extended_perms(int which)
|
|||||||
|
|
||||||
id = queue_remove(id_queue);
|
id = queue_remove(id_queue);
|
||||||
if (strcmp(id,"ioctl") == 0) {
|
if (strcmp(id,"ioctl") == 0) {
|
||||||
|
free(id);
|
||||||
if (define_te_avtab_ioctl(avrule_template))
|
if (define_te_avtab_ioctl(avrule_template))
|
||||||
return -1;
|
return -1;
|
||||||
free(id);
|
|
||||||
} else {
|
} else {
|
||||||
yyerror("only ioctl extended permissions are supported");
|
yyerror("only ioctl extended permissions are supported");
|
||||||
|
free(id);
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
@ -3090,13 +3097,16 @@ int define_role_trans(int class_specified)
|
|||||||
role = hashtab_search(policydbp->p_roles.table, id);
|
role = hashtab_search(policydbp->p_roles.table, id);
|
||||||
if (!role) {
|
if (!role) {
|
||||||
yyerror2("unknown role %s used in transition definition", id);
|
yyerror2("unknown role %s used in transition definition", id);
|
||||||
|
free(id);
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (role->flavor != ROLE_ROLE) {
|
if (role->flavor != ROLE_ROLE) {
|
||||||
yyerror2("the new role %s must be a regular role", id);
|
yyerror2("the new role %s must be a regular role", id);
|
||||||
|
free(id);
|
||||||
goto bad;
|
goto bad;
|
||||||
}
|
}
|
||||||
|
free(id);
|
||||||
|
|
||||||
/* This ebitmap business is just to ensure that there are not conflicting role_trans rules */
|
/* This ebitmap business is just to ensure that there are not conflicting role_trans rules */
|
||||||
if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
|
if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user