selinux

History

Nicolas Iooss 7da9bc00f2 checkpolicy: do not leak memory when a class is not found in an avrule While checkmodule tries to compile the following policy file and fails because class "process" is not found, it does not free some allocated memory: module ckpol_leaktest 1.0.0; require {type TYPE1;} allow TYPE1 self:process fork; clang memory sanitier output is: ================================================================= ==16050==ERROR: LeakSanitizer: detected memory leaks Direct leak of 136 byte(s) in 1 object(s) allocated from: #0 0x7f8bd8127608 in malloc (/usr/lib/clang/3.9.1/lib/linux/libclang_rt.asan-x86_64.so+0xf6608) #1 0x41a620 in define_te_avtab_helper /usr/src/selinux/checkpolicy/policy_define.c:2450:24 #2 0x41b6c8 in define_te_avtab /usr/src/selinux/checkpolicy/policy_define.c:2621:6 #3 0x40522b in yyparse /usr/src/selinux/checkpolicy/policy_parse.y:470:10 #4 0x411816 in read_source_policy /usr/src/selinux/checkpolicy/parse_util.c:64:6 #5 0x7f8bd7cb3290 in __libc_start_main (/usr/lib/libc.so.6+0x20290) Direct leak of 8 byte(s) in 1 object(s) allocated from: #0 0x7f8bd8127608 in malloc (/usr/lib/clang/3.9.1/lib/linux/libclang_rt.asan-x86_64.so+0xf6608) #1 0x411c87 in insert_id /usr/src/selinux/checkpolicy/policy_define.c:120:18 Indirect leak of 24 byte(s) in 1 object(s) allocated from: #0 0x7f8bd8127608 in malloc (/usr/lib/clang/3.9.1/lib/linux/libclang_rt.asan-x86_64.so+0xf6608) #1 0x43133c in ebitmap_set_bit /usr/src/selinux/libsepol/src/ebitmap.c:321:27 Indirect leak of 18 byte(s) in 1 object(s) allocated from: #0 0x7f8bd80b5eb0 in __interceptor___strdup (/usr/lib/clang/3.9.1/lib/linux/libclang_rt.asan-x86_64.so+0x84eb0) #1 0x41a6e5 in define_te_avtab_helper /usr/src/selinux/checkpolicy/policy_define.c:2460:28 #2 0x41b6c8 in define_te_avtab /usr/src/selinux/checkpolicy/policy_define.c:2621:6 #3 0x40522b in yyparse /usr/src/selinux/checkpolicy/policy_parse.y:470:10 #4 0x411816 in read_source_policy /usr/src/selinux/checkpolicy/parse_util.c:64:6 #5 0x7f8bd7cb3290 in __libc_start_main (/usr/lib/libc.so.6+0x20290) SUMMARY: AddressSanitizer: 186 byte(s) leaked in 4 allocation(s). Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>		2017-01-23 11:26:44 -05:00
..
test	Re-link programs after libsepol.a is updated	2017-01-18 16:41:34 -05:00
.gitignore	Repo: update .gitignore	2011-08-02 13:31:51 -04:00
COPYING	initial import from svn trunk revision 2950	2008-08-19 15:30:36 -04:00
Makefile	Re-link programs after libsepol.a is updated	2017-01-18 16:41:34 -05:00
VERSION	Update VERSION and ChangeLog files for 2.6 final release.	2016-10-14 11:31:26 -04:00
checkmodule.8	checkpolicy: Add support for generating CIL	2015-04-01 13:09:26 -04:00
checkmodule.c	checkpolicy: Fix checkmodule output message	2016-05-16 16:33:29 -04:00
checkpolicy.8	checkpolicy: Add support for generating CIL	2015-04-01 13:09:26 -04:00
checkpolicy.c	checkpolicy: always include ctypes.h	2017-01-09 16:00:25 -05:00
checkpolicy.h	initial import from svn trunk revision 2950	2008-08-19 15:30:36 -04:00
module_compiler.c	Fix -Wreturn-type issues.	2015-06-12 08:35:22 -04:00
module_compiler.h	checkpolicy: Separate tunable from boolean during compile.	2011-09-16 11:54:01 -04:00
parse_util.c	initial import from svn trunk revision 2950	2008-08-19 15:30:36 -04:00
parse_util.h	initial import from svn trunk revision 2950	2008-08-19 15:30:36 -04:00
policy_define.c	checkpolicy: do not leak memory when a class is not found in an avrule	2017-01-23 11:26:44 -05:00
policy_define.h	checkpolicy: switch operations to extended perms	2015-06-15 09:21:20 -04:00
policy_parse.y	Add neverallow support for ioctl extended permissions	2015-09-22 10:52:47 -04:00
policy_scan.l	Extend checkpolicy pathname matching.	2016-07-14 11:41:28 -04:00
queue.c	checkpolicy: do not leak queue elements in queue_destroy()	2017-01-06 13:33:15 -05:00
queue.h	initial import from svn trunk revision 2950	2008-08-19 15:30:36 -04:00