memory leak in libselinux
Liu Jian
gjk.liu at gmail.com
Wed Jan 31 14:25:04 UTC 2007
Dear All,
We have found a memory leak in libselinux. The following is the
function "fsetfilecon_raw" in "setfilecon.c" with comments added by
myself.
    int setfilecon_raw(const char *path, security_context_t context)
    {
        mac_t mac;
        char tmp[strlen(context) + strlen("sebsd/0")];
        int r;

        if (mac_prepare(&mac, "sebsd")) // malloc(sizeof(**mac)) is called firstly in mac_prepare
            return -1;
        strcpy(tmp, "sebsd/");
        strcat(tmp, context);
        if (mac_from_text(&mac, tmp)) { // malloc(sizeof(**mac)) is called secondly in mac_prepare
            mac_free(mac);              // moreover, the first malloced mac is lost.
            return -1;
        }
        r = mac_set_file(path, mac);
        mac_free(mac);
        return r;
    }
As the program shows, a mac is first malloced in mac_prepare
(here, pls refer to the definition of mac_prepare in mac.c in libc), and
after that a new malloc(sizeof(**mac)) is called in
mac_from_text (also pls refer to mac.c in libc). Moreover, the first
malloced mac is lost here and a memory leak occurs.
The same situation also appears in "setcon.c, lsetfilecon.c,
setexeccon.c and setfilescon.c".
This memory leak will suck a lot when running the setfiles program.
by Liu Jian
----------
email to: GJK.Liu at gmail.com
More information about the trustedbsd-discuss
mailing list
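
Added example, not part of the original message and not libselinux or libc code: a small model of the call sequence reported above that counts how many labels are left unfreed per call. The names model_alloc, model_free, reclaim_leaks and leaked_labels are hypothetical stand-ins, the context string is constructed, and skipping the first allocation is an assumed correction rather than the project's patch.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical stand-ins for the libc MAC calls: as the message describes,
 * mac_prepare and mac_from_text each malloc a new label and store it in *mac. */
struct model_mac { char text[96]; };
typedef struct model_mac *model_mac_t;
static model_mac_t live[8];          /* labels allocated and not yet freed */
static int model_alloc(model_mac_t *mac, const char *text)
{
    model_mac_t m = malloc(sizeof(*m));
    if (m == NULL) return -1;
    snprintf(m->text, sizeof(m->text), "%s", text);
    for (int i = 0; i < 8; i++)
        if (live[i] == NULL) { live[i] = m; break; }
    *mac = m;                        /* previous *mac is overwritten, not freed */
    return 0;
}
static void model_free(model_mac_t mac)
{
    for (int i = 0; i < 8; i++) if (live[i] == mac) live[i] = NULL;
    free(mac);
}
static int reclaim_leaks(void)       /* count, then release, unfreed labels */
{
    int n = 0;
    for (int i = 0; i < 8; i++)
        if (live[i] != NULL) { free(live[i]); live[i] = NULL; n++; }
    return n;
}
/* Returns the number of labels one call leaks. prepare_first=1 is the sequence
 * quoted in the message; 0 skips the first allocation (assumed correction). */
int leaked_labels(const char *context, int prepare_first)
{
    model_mac_t mac = NULL;
    char tmp[96];
    if (prepare_first && model_alloc(&mac, "sebsd")) return -1; /* models mac_prepare */
    snprintf(tmp, sizeof(tmp), "sebsd/%s", context);
    if (model_alloc(&mac, tmp)) {    /* models mac_from_text */
        model_free(mac);
        return -1;
    }
    model_free(mac);                 /* frees only the most recent label */
    return reclaim_leaks();
}
int main(void)
{
    printf("quoted: %d, single: %d\n", leaked_labels("ctx_t", 1), leaked_labels("ctx_t", 0));
    return 0;
}
```

Because the model leaks one label per call, a tool that sets a context on every file it visits would grow by one label per file under the quoted sequence.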