libselinux/matchpathcon: RESOURCE_LEAK: Variable "con"

Fixes:
 Error: RESOURCE_LEAK (CWE-772):
 libselinux-3.6/src/matchpathcon.c:519: alloc_arg: "lgetfilecon_raw" allocates memory that is stored into "con". [Note: The source code implementation of the function has been overridden by a user model.]
 libselinux-3.6/src/matchpathcon.c:528: leaked_storage: Variable "con" going out of scope leaks the storage it points to.
 #  526|
 #  527|           if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0))
 #  528|->                         return -1;
 #  529|
 #  530|           if (selabel_lookup_raw(hnd, &fcontext, path, mode) != 0) {

Signed-off-by: Vit Mojzis <vmojzis@redhat.com>
Acked-by: James Carter <jwcart2@gmail.com>
Vit Mojzis 2024-10-25 20:30:14 +02:00 committed by James Carter
parent 33ac7c960f
commit f18f9e5ea1

@ -524,8 +524,10 @@ int selinux_file_context_verify(const char *path, mode_t mode)
return 0;
}
if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0))
if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0)){
freecon(con);
return -1;
}
if (selabel_lookup_raw(hnd, &fcontext, path, mode) != 0) {
if (errno != ENOENT)
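
Review bot: Style nit on the added `if (!hnd && (matchpathcon_init_prefix(NULL, NULL) < 0)){` line: there is no space between `))` and `{`, while the `selabel_lookup_raw(...) != 0) {` line right below uses one, so write `< 0)) {` for consistency. The `freecon(con);` before `return -1;` matches the report in the commit message (storage allocated by `lgetfilecon_raw` at line 519, leaked at the return on line 528). The visible context stops at `if (errno != ENOENT)` inside the `selabel_lookup_raw` failure branch, which is another exit taken after `con` was allocated; it is worth confirming in the full function that this path also releases `con`. An alternative that needs no cleanup on this path would be to run the `!hnd` initialization check before the `lgetfilecon_raw` call, so nothing is allocated yet when it fails.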