From 6a356abf0842f4ec86f56104dac529cf24cac549 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20G=C3=B6ttsche?= Date: Mon, 6 Dec 2021 21:09:59 +0100 Subject: [PATCH] checkpolicy: free avrule on error MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Free the allocated avrule in define_te_avtab_xperms_helper() on failures. Also free the target classes ebitmap on allocation failure. Direct leak of 136 byte(s) in 1 object(s) allocated from: #0 0x49bb5d in __interceptor_malloc (./checkpolicy/checkpolicy+0x49bb5d) #1 0x4e6eea in define_te_avtab_xperms_helper ./checkpolicy/policy_define.c:2041:24 #2 0x4e6eea in define_te_avtab_extended_perms ./checkpolicy/policy_define.c:2487:6 #3 0x4cef0b in yyparse ./checkpolicy/policy_parse.y:494:30 #4 0x4e0575 in read_source_policy ./checkpolicy/parse_util.c:63:6 #5 0x4ff121 in main ./checkpolicy/checkpolicy.c:616:7 #6 0x7fe31628b7ec in __libc_start_main csu/../csu/libc-start.c:332:16 Indirect leak of 32 byte(s) in 1 object(s) allocated from: #0 0x4877b4 in strdup (./checkpolicy/checkpolicy+0x4877b4) #1 0x4e6fa7 in define_te_avtab_xperms_helper ./checkpolicy/policy_define.c:2051:28 #2 0x4e6fa7 in define_te_avtab_extended_perms ./checkpolicy/policy_define.c:2487:6 #3 0x4cef0b in yyparse ./checkpolicy/policy_parse.y:494:30 #4 0x4e0575 in read_source_policy ./checkpolicy/parse_util.c:63:6 #5 0x4ff121 in main ./checkpolicy/checkpolicy.c:616:7 #6 0x7fe31628b7ec in __libc_start_main csu/../csu/libc-start.c:332:16 Indirect leak of 24 byte(s) in 1 object(s) allocated from: #0 0x49bb5d in __interceptor_malloc (./checkpolicy/checkpolicy+0x49bb5d) #1 0x50f2fa in ebitmap_set_bit ./libsepol/src/ebitmap.c:346:27 #2 0x4eb632 in set_types ./checkpolicy/policy_define.c #3 0x4e7055 in define_te_avtab_xperms_helper ./checkpolicy/policy_define.c:2059:7 #4 0x4e7055 in define_te_avtab_extended_perms ./checkpolicy/policy_define.c:2487:6 #5 0x4cef0b in yyparse ./checkpolicy/policy_parse.y:494:30 #6 0x4e0575 in read_source_policy ./checkpolicy/parse_util.c:63:6 #7 0x4ff121 in main ./checkpolicy/checkpolicy.c:616:7 #8 0x7fe31628b7ec in __libc_start_main csu/../csu/libc-start.c:332:16 Signed-off-by: Christian Göttsche --- checkpolicy/policy_define.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/checkpolicy/policy_define.c b/checkpolicy/policy_define.c index f431939fe3..f997084588 100644 --- a/checkpolicy/policy_define.c +++ b/checkpolicy/policy_define.c @@ -2065,7 +2065,8 @@ static int define_te_avtab_xperms_helper(int which, avrule_t ** rule) avrule->xperms = NULL; if (!avrule->source_filename) { yyerror("out of memory"); - return -1; + ret = -1; + goto out; } while ((id = queue_remove(id_queue))) { @@ -2126,6 +2127,7 @@ static int define_te_avtab_xperms_helper(int which, avrule_t ** rule) if (!cur_perms) { yyerror("out of memory"); ret = -1; + ebitmap_destroy(&tclasses); goto out; } class_perm_node_init(cur_perms); @@ -2165,7 +2167,11 @@ static int define_te_avtab_xperms_helper(int which, avrule_t ** rule) avrule->perms = perms; *rule = avrule; + return 0; out: + avrule_destroy(avrule); + free(avrule); + return ret; }