checkpolicy: free id where it was leaked

Several functions in policy_define.c do not free id after handling it.
Add the missing free(id) statements.

The places where free(id) was missing were found both with gcc Address
Sanitizer and manual code inspection.

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
This commit is contained in:
Nicolas Iooss 2016-12-26 22:18:32 +01:00 committed by James Carter
parent 47f61b0ee9
commit c1ba831122

View File

@ -1232,6 +1232,7 @@ int define_typealias(void)
free(id);
return -1;
}
free(id);
return add_aliases_to_type(t);
}
@ -1263,6 +1264,7 @@ int define_typeattribute(void)
free(id);
return -1;
}
free(id);
while ((id = queue_remove(id_queue))) {
if (!is_id_in_scope(SYM_TYPES, id)) {
@ -1459,25 +1461,25 @@ static int set_types(type_set_t * set, char *id, int *add, char starallowed)
type_datum_t *t;
if (strcmp(id, "*") == 0) {
free(id);
if (!starallowed) {
yyerror("* not allowed in this type of rule");
return -1;
}
/* set TYPE_STAR flag */
set->flags = TYPE_STAR;
free(id);
*add = 1;
return 0;
}
if (strcmp(id, "~") == 0) {
free(id);
if (!starallowed) {
yyerror("~ not allowed in this type of rule");
return -1;
}
/* complement the set */
set->flags = TYPE_COMP;
free(id);
*add = 1;
return 0;
}
@ -1570,8 +1572,10 @@ int define_compute_type_helper(int which, avrule_t ** rule)
(hashtab_key_t) id);
if (!datum || datum->flavor == TYPE_ATTRIB) {
yyerror2("unknown type %s", id);
free(id);
goto bad;
}
free(id);
ebitmap_for_each_bit(&tclasses, node, i) {
if (ebitmap_node_get_bit(node, i)) {
@ -2008,6 +2012,7 @@ int define_te_avtab_xperms_helper(int which, avrule_t ** rule)
(class_perm_node_t *) malloc(sizeof(class_perm_node_t));
if (!cur_perms) {
yyerror("out of memory");
free(id);
ret = -1;
goto out;
}
@ -2043,6 +2048,7 @@ int define_te_avtab_xperms_helper(int which, avrule_t ** rule)
}
}
free(id);
ebitmap_destroy(&tclasses);
avrule->perms = perms;
@ -2389,11 +2395,12 @@ int define_te_avtab_extended_perms(int which)
id = queue_remove(id_queue);
if (strcmp(id,"ioctl") == 0) {
free(id);
if (define_te_avtab_ioctl(avrule_template))
return -1;
free(id);
} else {
yyerror("only ioctl extended permissions are supported");
free(id);
return -1;
}
return 0;
@ -3090,13 +3097,16 @@ int define_role_trans(int class_specified)
role = hashtab_search(policydbp->p_roles.table, id);
if (!role) {
yyerror2("unknown role %s used in transition definition", id);
free(id);
goto bad;
}
if (role->flavor != ROLE_ROLE) {
yyerror2("the new role %s must be a regular role", id);
free(id);
goto bad;
}
free(id);
/* This ebitmap business is just to ensure that there are not conflicting role_trans rules */
if (role_set_expand(&roles, &e_roles, policydbp, NULL, NULL))