checkpolicy: free id where it was leaked
Several functions in policy_define.c do not free id after handling it. Add the missing free(id) statements. The places where free(id) was missing were found both with gcc Address Sanitizer and manual code inspection. Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
parent
47f61b0ee9
commit
c1ba831122
@ -1232,6 +1232,7 @@ int define_typealias(void)
|
||||
free(id);
|
||||
return -1;
|
||||
}
|
||||
free(id);
|
||||
return add_aliases_to_type(t);
|
||||
}
|
||||
|
||||
@ -1263,6 +1264,7 @@ int define_typeattribute(void)
|
||||
free(id);
|
||||
return -1;
|
||||
}
|
||||
free(id);
|
||||
|
||||
while ((id = queue_remove(id_queue))) {
|
||||
if (!is_id_in_scope(SYM_TYPES, id)) {
|
||||
@ -1459,25 +1461,25 @@ static int set_types(type_set_t * set, char *id, int *add, char starallowed)
|
||||
type_datum_t *t;
|
||||
|
||||
if (strcmp(id, "*") == 0) {
|
||||
free(id);
|
||||
if (!starallowed) {
|
||||
yyerror("* not allowed in this type of rule");
|
||||
return -1;
|
||||
}
|
||||
/* set TYPE_STAR flag */
|
||||
set->flags = TYPE_STAR;
|
||||
free(id);
|
||||
*add = 1;
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (strcmp(id, "~") == 0) {
|
||||
free(id);
|
||||
if (!starallowed) {
|
||||
yyerror("~ not allowed in this type of rule");
|
||||
return -1;
|
||||
}
|
||||
/* complement the set */
|
||||
set->flags = TYPE_COMP;
|
||||
free(id);
|
||||
*add = 1;
|
||||
return 0;
|
||||
}
|
||||
@ -1570,8 +1572,10 @@ int define_compute_type_helper(int which, avrule_t ** rule)
|
||||
(hashtab_key_t) id);
|
||||
if (!datum || datum->flavor == TYPE_ATTRIB) {
|
||||
yyerror2("unknown type %s", id);
|
||||
free(id);
|
||||
goto bad;
|
||||
}
|
||||
free(id);
|
||||
|
||||
ebitmap_for_each_bit(&tclasses, node, i) {
|
||||
if (ebitmap_node_get_bit(node, i)) {
|
||||
@ -2008,6 +2012,7 @@ int define_te_avtab_xperms_helper(int which, avrule_t ** rule)
|
||||
(class_perm_node_t *) malloc(sizeof(class_perm_node_t));
|
||||
if (!cur_perms) {
|
||||
yyerror("out of memory");
|
||||
free(id);
|
||||
ret = -1;
|
||||
goto out;
|
||||
}
|
||||
@ -2043,6 +2048,7 @@ int define_te_avtab_xperms_helper(int which, avrule_t ** rule)
|
||||
}
|
||||
}
|
||||
|
||||
free(id);
|
||||
ebitmap_destroy(&tclasses);
|
||||
|
||||
avrule->perms = perms;
|
||||
@ -2389,11 +2395,12 @@ int define_te_avtab_extended_perms(int which)
|
||||
|
||||
id = queue_remove(id_queue);
|
||||
if (strcmp(id,"ioctl") == 0) {
|
||||
free(id);
|
||||
if (define_te_avtab_ioctl(avrule_template))
|
||||
return -1;
|
||||
free(id);
|
||||
} else {
|
||||
yyerror("only ioctl extended permissions are supported");
|
||||
free(id);
|
||||
return -1;
|
||||
}
|
||||
return 0;
|
||||
@ -3090,13 +3097,16 @@ int define_role_trans(int class_specified)
|
||||
role = hashtab_search(policydbp->p_roles.table, id);
|
||||
if (!role) {
|
||||
yyerror2("unknown role %s used in transition definition", id);
|
||||
free(id);
|
||||
goto bad;
|
||||
}
|
||||
|
||||
if (role->flavor != ROLE_ROLE) {
|
||||
yyerror2("the new role %s must be a regular role", id);
|
||||
free(id);
|
||||
goto bad;
|
||||
}
|
||||
free(id);
|
||||
|
||||
/* This ebitmap business is just to ensure that there are not conflicting role_trans rules */
|
||||
if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))
|
||||
|
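Review bot: In define_te_avtab_extended_perms the result of `queue_remove(id_queue)` goes straight into `strcmp(id,"ioctl")` with no NULL check, although the loop shown in define_typeattribute (`while ((id = queue_remove(id_queue)))`) indicates the call can return NULL. A guard before the comparison, such as `if (!id) { yyerror("no extended permission name"); return -1; }`, would remove that dereference. Separately, the two `free(id)` calls added in define_te_avtab_xperms_helper are only safe if that function owns id. Its assignment is outside the hunks, so confirm it comes from a removal and not from a peek at the queue head; otherwise id_queue would keep a freed pointer that the `queue_remove` in define_te_avtab_extended_perms could return and use.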