Skip to content

Commit

Permalink
checkpolicy: fix the leak memory when uses xperms
Browse files Browse the repository at this point in the history 
In the define_te_avtab_ioctl function:
1. the parameter avrule_template has been copies to
new elements which added to avrule list through
the function avrule_cpy, so it should free avrule_template.
2. And for rangelist, it does not free the allocated memory.

The memory leak can by found by using memory sanitizer:
=================================================================
==20021==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 10336 byte(s) in 76 object(s) allocated from:
    #0 0x7f8f96d9cb50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50)
    SELinuxProject#1 0x55c2e9447fb3 in define_te_avtab_xperms_helper /mnt/sources/tools/selinux/checkpolicy/policy_define.c:2046
    SELinuxProject#2 0x55c2e944a6ca in define_te_avtab_extended_perms /mnt/sources/tools/selinux/checkpolicy/policy_define.c:2479
    SELinuxProject#3 0x55c2e943126b in yyparse /mnt/sources/tools/selinux/checkpolicy/policy_parse.y:494
    SELinuxProject#4 0x55c2e9440221 in read_source_policy /mnt/sources/tools/selinux/checkpolicy/parse_util.c:64
    SELinuxProject#5 0x55c2e945a3df in main /mnt/sources/tools/selinux/checkpolicy/checkpolicy.c:619
    SELinuxProject#6 0x7f8f968eeb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Direct leak of 240 byte(s) in 15 object(s) allocated from:
    #0 0x7f8f96d9cb50 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.4+0xdeb50)
    SELinuxProject#1 0x55c2e9446cd9 in avrule_sort_ioctls /mnt/sources/tools/selinux/checkpolicy/policy_define.c:1846
    SELinuxProject#2 0x55c2e9447d8f in avrule_ioctl_ranges /mnt/sources/tools/selinux/checkpolicy/policy_define.c:2020
    SELinuxProject#3 0x55c2e944a0de in define_te_avtab_ioctl /mnt/sources/tools/selinux/checkpolicy/policy_define.c:2409
    SELinuxProject#4 0x55c2e944a744 in define_te_avtab_extended_perms /mnt/sources/tools/selinux/checkpolicy/policy_define.c:2485
    SELinuxProject#5 0x55c2e94312bf in yyparse /mnt/sources/tools/selinux/checkpolicy/policy_parse.y:503
    SELinuxProject#6 0x55c2e9440221 in read_source_policy /mnt/sources/tools/selinux/checkpolicy/parse_util.c:64
    SELinuxProject#7 0x55c2e945a3df in main /mnt/sources/tools/selinux/checkpolicy/checkpolicy.c:619
    SELinuxProject#8 0x7f8f968eeb96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)

Signed-off-by: liwugang <[email protected]>
  • Loading branch information
@liwugang @cgzones
liwugang authored and cgzones committed May 22, 2021
1 parent 44f8bb1 commit 70cab40
Showing 1 changed file with 10 additions and 1 deletion.
11 changes: 10 additions & 1 deletion checkpolicy/policy_define.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2387,7 +2387,7 @@ static int avrule_cpy(avrule_t *dest, const avrule_t *src)
static int define_te_avtab_ioctl(const avrule_t *avrule_template)
{
avrule_t *avrule;
struct av_ioctl_range_list *rangelist;
struct av_ioctl_range_list *rangelist, *r, *r2;
av_extended_perms_t *complete_driver, *partial_driver, *xperms;
unsigned int i;

Expand Down Expand Up @@ -2445,6 +2445,13 @@ static int define_te_avtab_ioctl(const avrule_t *avrule_template)
if (partial_driver)
free(partial_driver);

r = rangelist;
while (r != NULL) {
r2 = r;
r = r->next;
free(r2);
}

return 0;
}

Expand All @@ -2471,6 +2478,8 @@ int define_te_avtab_extended_perms(int which)
free(id);
if (define_te_avtab_ioctl(avrule_template))
return -1;
avrule_destroy(avrule_template);
free(avrule_template);
} else {
yyerror("only ioctl extended permissions are supported");
free(id);
Expand Down

0 comments on commit 70cab40

Please sign in to comment.