* libsepol and libselinux patches
From: Serge E. Hallyn @ 2006-05-23 15:44 UTC (permalink / raw)
To: SELinux
Starting my not-as-regular-as-i'd-like static analysis run of
selinux-usr. Here are a few patches to libsepol and libselinux.
Hope to go through the rest later this week.
libselinux/src/matchmediacon.c:
'found' initialized to -1, not 0
libselinux/src/setrans_client.c:
'ret_val' is being returned, but the code path makes it pretty clear
the intent is to return ret.
libsepol/src/expand.c:
accessing new_level->level->cat when new_level->level could
be NULL
libsepol/src/hierarchy.c
freeing parent before potential dereference in
ERR.
libsepol/src/nodes.c:
jumping to 'omem' before addr_buf and mask_buf
are declared, but they are used after 'omem:'.
Testcase suggests these will not be initialized.
libsepol/src/policydb.c:
'c' is never freed in read_cons_helper?
newc and newc->u.name are not freed in genfs_read
thanks,
-serge
--- libselinux/src/matchmediacon.c.orig 2006-05-23 09:25:46.000000000 -0500
+++ libselinux/src/matchmediacon.c 2006-05-23 09:25:50.000000000 -0500
@@ -17,7 +17,7 @@ int matchmediacon(const char *media,
const char *path = selinux_media_context_path();
FILE *infile;
char *ptr, *ptr2=NULL;
- int found=-1;
+ int found=0;
char current_line[PATH_MAX];
if ((infile = fopen(path, "r")) == NULL)
return -1;
--- libselinux/src/setrans_client.c.orig 2006-05-23 09:41:35.000000000 -0500
+++ libselinux/src/setrans_client.c 2006-05-23 09:41:40.000000000 -0500
@@ -196,7 +196,7 @@ static int trans_to_raw_context(char *tr
ret = ret_val;
out:
close(fd);
- return ret_val;
+ return ret;
}
--- libsepol/src/expand.c.orig 2006-05-23 07:28:24.000000000 -0500
+++ libsepol/src/expand.c 2006-05-23 07:28:54.000000000 -0500
@@ -650,7 +650,7 @@ static int sens_copy_callback(hashtab_ke
out_of_mem:
ERR(state->handle, "Out of memory!");
- if (new_level != NULL) {
+ if (new_level != NULL && new_level->level != NULL) {
ebitmap_destroy(&new_level->level->cat);
free(new_level->level);
}
--- libsepol/src/hierarchy.c.orig 2006-05-23 07:30:21.000000000 -0500
+++ libsepol/src/hierarchy.c 2006-05-23 07:30:40.000000000 -0500
@@ -336,10 +336,10 @@ static int check_role_hierarchy_callback
free(parent);
return 1;
}
- free(parent);
if (ebitmap_or(&eb, &r->types.types, &rp->types.types)) {
/* Memory error */
+ free(parent);
return -1;
}
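Review bot: `free(parent)` is now repeated on three separate exits (the `ebitmap_or` failure here, and the violation and success returns in the next hunk), so a later early return added to check_role_hierarchy_callback can bring back either the leak or the use of `parent` after it has been freed. A single exit keeps the ownership in one place: set a result variable and `goto out;`, with `out: free(parent); return rc;` at the end of the function. Whether `eb` also needs `ebitmap_destroy(&eb)` on the `return -1` and `return 1` paths cannot be seen from these hunks, because the function starts outside them; if it does, the same label is the place for it.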
@@ -349,10 +349,12 @@ static int check_role_hierarchy_callback
ERR(a->handle, "Role hierarchy violation, %s exceeds %s",
a->p->p_role_val_to_name[r->value - 1],
parent);
+ free(parent);
return 1;
}
ebitmap_destroy(&eb);
+ free(parent);
return 0;
}
--- libsepol/src/nodes.c.orig 2006-05-23 07:43:19.000000000 -0500
+++ libsepol/src/nodes.c 2006-05-23 07:43:30.000000000 -0500
@@ -19,12 +19,12 @@ static int node_from_record(
ocontext_t* tmp_node = NULL;
context_struct_t* tmp_con = NULL;
+ char *addr_buf = NULL, *mask_buf = NULL;
tmp_node = (ocontext_t *) calloc(1, sizeof(ocontext_t));
if (!tmp_node)
goto omem;
- char *addr_buf = NULL, *mask_buf = NULL;
size_t addr_bsize, mask_bsize;
/* Address and netmask */
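Review bot: The hoisted declaration of `addr_buf` and `mask_buf` carries no comment saying why it has to precede the first `goto omem`, and the description says both are used after that label, so a later tidy-up that moves the declaration back to first use would restore the read of uninitialised pointers. I would add `/* declared before the first goto omem: the omem path uses both */` on that line. `size_t addr_bsize, mask_bsize;` is still declared after the jump without initialisers; the `omem:` code is outside this hunk, so it is worth checking that it never reads them. node_from_record's body continues past the hunk.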
--- libsepol/src/policydb.c.orig 2006-05-23 07:48:58.000000000 -0500
+++ libsepol/src/policydb.c 2006-05-23 08:36:50.000000000 -0500
@@ -1435,22 +1435,28 @@ static int read_cons_helper(policydb_t *
if (!c)
return -1;
buf = next_entry(fp, (sizeof(uint32_t) * 2));
- if (!buf)
+ if (!buf) {
+ free(c);
return -1;
+ }
c->permissions = le32_to_cpu(buf[0]);
nexpr = le32_to_cpu(buf[1]);
le = NULL;
depth = -1;
for (j = 0; j < nexpr; j++) {
e = malloc(sizeof(constraint_expr_t));
- if (!e)
+ if (!e) {
+ free(c);
return -1;
+ }
if (constraint_expr_init(e) == -1) {
+ free(c);
free(e);
return -1;
}
buf = next_entry(fp, (sizeof(uint32_t) * 3));
if (!buf) {
+ free(c);
constraint_expr_destroy(e);
return -1;
}
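Review bot: `free(c)` on the failure paths inside the `for (j = 0; j < nexpr; j++)` loop releases only the constraint node, so a failure on the second or a later expression leaves the expressions already read for this node unreleased, assuming each one is chained from `c->expr` at the end of its iteration (that code is outside the hunk). The same applies to every `free(c)` added in the later read_cons_helper hunks of this patch. Those exits need to walk the chain before freeing the node; a small static helper along the lines below, called in place of each bare `free(c)`, avoids repeating the walk. The helper name is a suggestion, and it relies on `constraint_expr_destroy()` releasing the expression itself, as the existing error paths appear to.

```c
/* release a partially read constraint node and every expression chained from it */
static void cons_node_free(constraint_node_t *c)
{
	constraint_expr_t *e = c->expr, *next;

	while (e) {
		next = e->next;			/* read the link before e goes away */
		constraint_expr_destroy(e);	/* assumed to free e as well */
		e = next;
	}
	free(c);
}
```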
@@ -1461,6 +1467,7 @@ static int read_cons_helper(policydb_t *
switch (e->expr_type) {
case CEXPR_NOT:
if (depth < 0) {
+ free(c);
constraint_expr_destroy(e);
return -1;
}
@@ -1468,6 +1475,7 @@ static int read_cons_helper(policydb_t *
case CEXPR_AND:
case CEXPR_OR:
if (depth < 1) {
+ free(c);
constraint_expr_destroy(e);
return -1;
}
@@ -1475,6 +1483,7 @@ static int read_cons_helper(policydb_t *
break;
case CEXPR_ATTR:
if (depth == (CEXPR_MAXDEPTH-1)) {
+ free(c);
constraint_expr_destroy(e);
return -1;
}
@@ -1482,25 +1491,30 @@ static int read_cons_helper(policydb_t *
break;
case CEXPR_NAMES:
if (!allowxtarget && (e->attr & CEXPR_XTARGET)) {
+ free(c);
constraint_expr_destroy(e);
return -1;
}
if (depth == (CEXPR_MAXDEPTH-1)) {
+ free(c);
constraint_expr_destroy(e);
return -1;
}
depth++;
if (ebitmap_read(&e->names, fp)) {
+ free(c);
constraint_expr_destroy(e);
return -1;
}
if (p->policy_type != POLICY_KERN &&
type_set_read(e->type_names, fp)) {
+ free(c);
constraint_expr_destroy(e);
return -1;
}
break;
default:
+ free(c);
constraint_expr_destroy(e);
return -1;
break;
@@ -1949,23 +1963,23 @@ static int genfs_read (policydb_t *p, st
}
buf = next_entry(fp, sizeof(uint32_t));
if (!buf)
- goto bad;
+ goto bad_freenewc;
len = le32_to_cpu(buf[0]);
buf = next_entry(fp, len);
if (!buf)
- goto bad;
+ goto bad_freenewc;
newc->u.name = malloc(len + 1);
if (!newc->u.name) {
- goto bad;
+ goto bad_freenewc;
}
memcpy(newc->u.name, buf, len);
newc->u.name[len] = 0;
buf = next_entry(fp, sizeof(uint32_t));
if (!buf)
- goto bad;
+ goto bad_freename;
newc->v.sclass = le32_to_cpu(buf[0]);
if (context_read_and_validate(&newc->context[0], p, fp))
- goto bad;
+ goto bad_freename;
for (l = NULL, c = newgenfs->head; c;
l = c, c = c->next) {
if (!strcmp(newc->u.name, c->u.name) &&
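Review bot: `len` comes straight from the policy image (`le32_to_cpu(buf[0])`) and reaches `malloc(len + 1)` and `memcpy(newc->u.name, buf, len)` without a check of its own; the only bound is whatever `next_entry(fp, len)` enforces, which is not visible here. Where `size_t` is 32 bits a value of 0xFFFFFFFF makes `len + 1` wrap to zero, so I would reject it as soon as it is read: `if (len + 1 < len) goto bad_freenewc;`. The `newgenfs->fstype` read in the same function follows the same pattern and wants the same guard. genfs_read starts and ends outside this hunk.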
@@ -1974,7 +1988,7 @@ static int genfs_read (policydb_t *p, st
ERR(fp->handle, "dup genfs entry "
"(%s,%s)", newgenfs->fstype,
c->u.name);
- goto bad;
+ goto bad_context;
}
len = strlen(newc->u.name);
len2 = strlen(c->u.name);
@@ -1991,6 +2005,12 @@ static int genfs_read (policydb_t *p, st
return 0;
+bad_context:
+ context_destroy(&newc->context[0]);
+bad_freename:
+ free(newc->u.name);
+bad_freenewc:
+ free(newc);
bad:
return -1;
}
@@ -2461,14 +2481,17 @@ static int avrule_block_read(policydb_t
num_decls = le32_to_cpu(buf[0]);
while (num_decls > 0) {
if ((curdecl = avrule_decl_create(0)) == NULL) {
+ free(curblock);
return -1;
}
if (avrule_decl_read(p, curdecl, num_scope_syms, fp) == -1) {
+ free(curblock);
return -1;
}
if (curdecl->enabled) {
if (curblock->enabled != NULL) {
/* probably a corrupt file */
+ free(curblock);
return -1;
}
curblock->enabled = curdecl;
--
* Re: libsepol and libselinux patches
From: Stephen Smalley @ 2006-05-24 19:43 UTC (permalink / raw)
To: Serge E. Hallyn; +Cc: SELinux-dev, SELinux
On Tue, 2006-05-23 at 10:44 -0500, Serge E. Hallyn wrote:
> Starting my not-as-regular-as-i'd-like static analysis run of
> selinux-usr. Here are a few patches to libsepol and libselinux.
> Hope to go through the rest later this week.
>
> libselinux/src/matchmediacon.c:
> 'found' initialized to -1, not 0
> libselinux/src/setrans_client.c:
> 'ret_val' is being returned, but codpath makes it pretty clear
> the intent is to return ret.
> libsepol/src/expand.c:
> accessing new_level->level->cat when new_level->level could
> be NULL
> libsepol/src/hierarchy.c
> freeing parent before potential dereference in
> ERR.
> libsepol/src/nodes.c:
> jumping to 'omem' before addr_buf and mask_buf
> are declared, but they are used after 'omem:'.
> Testcase suggests these will not be initialized.
> libsepol/src/policydb.c:
> 'c' is never freed in read_cons_helper?
> newc and newc->u.name are not freed in genfs_read
>
> thanks,
> -serge
Thanks, everything up to the policydb.c ones looks fine and I'll apply.
Comments below on the policydb.c ones, after looking to see what the
current state of the corresponding kernel security server code is.
> --- libsepol/src/policydb.c.orig 2006-05-23 07:48:58.000000000 -0500
> +++ libsepol/src/policydb.c 2006-05-23 08:36:50.000000000 -0500
> @@ -1435,22 +1435,28 @@ static int read_cons_helper(policydb_t *
> if (!c)
> return -1;
> buf = next_entry(fp, (sizeof(uint32_t) * 2));
> - if (!buf)
> + if (!buf) {
> + free(c);
> return -1;
> + }
This can be done more cleanly by linking c into the list early, and then
just relying on policydb_destroy() by the caller to clean it up, as with
much of the cleanup on failed policydb_read(). That appears to already
be the case in the kernel code.
> @@ -1949,23 +1963,23 @@ static int genfs_read (policydb_t *p, st
> }
> buf = next_entry(fp, sizeof(uint32_t));
> if (!buf)
> - goto bad;
> + goto bad_freenewc;
I'd think we could do this in the same way (link newc early, along with
its parent), although the kernel code appears to instead jump to an
error path that uses an ocontext_destroy() helper to handle all cases.
> +bad_context:
> + context_destroy(&newc->context[0]);
> +bad_freename:
> + free(newc->u.name);
> +bad_freenewc:
> + free(newc);
These could be collapsed into a single error path, right? Initial
calloc will put it into a valid state for all of this cleanup?
> @@ -2461,14 +2481,17 @@ static int avrule_block_read(policydb_t
> num_decls = le32_to_cpu(buf[0]);
> while (num_decls > 0) {
> if ((curdecl = avrule_decl_create(0)) == NULL) {
> + free(curblock);
> return -1;
> }
Appears to miss the prior next_entry() error path, and we need to do
more here since we may now have linked avrule_decl's into the block.
avrule_block_destroy(), maybe.
> if (avrule_decl_read(p, curdecl, num_scope_syms, fp) == -1) {
> + free(curblock);
> return -1;
> }
Need to deal with the allocated decl (avrule_decl_destroy?) and then the
entire chain from the block.
> if (curdecl->enabled) {
> if (curblock->enabled != NULL) {
> /* probably a corrupt file */
> + free(curblock);
> return -1;
> }
Same issue.
--
Stephen Smalley
National Security Agency
--
* Re: libsepol and libselinux patches
From: Serge E. Hallyn @ 2006-05-24 22:45 UTC (permalink / raw)
To: Stephen Smalley; +Cc: Serge E. Hallyn, SELinux-dev, SELinux
Quoting Stephen Smalley (sds@tycho.nsa.gov):
> Comments below on the policydb.c ones, after looking to see what the
> current state of the corresponding kernel security server code is.
Will attempt to respin and resend the policydb patch later this week.
thanks,
-serge
--
* Re: libsepol and libselinux patches
From: Serge E. Hallyn @ 2006-05-26 16:03 UTC (permalink / raw)
To: Stephen Smalley; +Cc: Serge E. Hallyn, SELinux-dev, SELinux
Quoting Stephen Smalley (sds@tycho.nsa.gov):
> > --- libsepol/src/policydb.c.orig 2006-05-23 07:48:58.000000000 -0500
> > +++ libsepol/src/policydb.c 2006-05-23 08:36:50.000000000 -0500
> > @@ -1435,22 +1435,28 @@ static int read_cons_helper(policydb_t *
> > if (!c)
> > return -1;
> > buf = next_entry(fp, (sizeof(uint32_t) * 2));
> > - if (!buf)
> > + if (!buf) {
> > + free(c);
> > return -1;
> > + }
> This can be done more cleanly by linking c into the list early, and then
> just relying on policydb_destroy() by the caller to clean it up, as with
> much of the cleanup on failed policydb_read(). That appears to already
> be the case in the kernel code.
Ok, the appended patch takes the same approach as in the kernel,
extending this to the le links as well.
> > @@ -1949,23 +1963,23 @@ static int genfs_read (policydb_t *p, st
> > }
> > buf = next_entry(fp, sizeof(uint32_t));
> > if (!buf)
> > - goto bad;
> > + goto bad_freenewc;
>
> I'd think we could do this in the same way (link newc early, along with
> its parent), although the kernel code appears to instead jump to an
> error path that uses an ocontext_destroy() helper to handle all cases.
>
> > +bad_context:
> > + context_destroy(&newc->context[0]);
> > +bad_freename:
> > + free(newc->u.name);
> > +bad_freenewc:
> > + free(newc);
> These could be collapsed into a single error path, right? Initial
> calloc will put it into a valid state for all of this cleanup?
Ah, yes, ok, appended patch fixes that up.
>
> > @@ -2461,14 +2481,17 @@ static int avrule_block_read(policydb_t
> > num_decls = le32_to_cpu(buf[0]);
> > while (num_decls > 0) {
> > if ((curdecl = avrule_decl_create(0)) == NULL) {
> > + free(curblock);
> > return -1;
> > }
>
> Appears to miss the prior next_entry() error path, and we need to do
Hmm. Well my .c file didn't :) I must have made the '.c.orig' backup
after I started fixing it up.
> more here since we may now have linked avrule_decl's into the block.
> avrule_block_destroy(), maybe.
>
> > if (avrule_decl_read(p, curdecl, num_scope_syms, fp) == -1) {
> > + free(curblock);
> > return -1;
> > }
>
> Need to deal with the allocated decl (avrule_decl_destroy?) and then the
> entire chain from the block.
>
> > if (curdecl->enabled) {
> > if (curblock->enabled != NULL) {
> > /* probably a corrupt file */
> > + free(curblock);
> > return -1;
> > }
>
> Same issue.
Ok, I believe the following patch addresses the above. The decl chain
should be handled by the avrule_block_list_destroy, so i think i'm
freeing everything at this point.
thanks,
-serge
--- policydb.c.orig 2006-05-26 09:42:50.000000000 -0500
+++ policydb.c 2006-05-26 10:32:01.000000000 -0500
@@ -1434,6 +1434,11 @@
c = calloc(1, sizeof(constraint_node_t));
if (!c)
return -1;
+
+ if (lc)
+ lc->next = c;
+ else
+ *nodep = c;
buf = next_entry(fp, (sizeof(uint32_t) * 2));
if (!buf)
return -1;
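Review bot: After this change every `return -1` in read_cons_helper leaves a partially read node linked at `*nodep` or `lc->next`, and nothing in the code says that the caller is now responsible for freeing it. I would put a comment on the new lines, `/* link c before any fallible read: on error the caller's policydb_destroy() frees the list */`, and a matching one where `e` is linked in the next hunk. That destroy path then has to cope with a node whose `expr` is still NULL and with an expression whose fields were never filled in; the destructor is not part of this patch, so that is worth confirming. The function starts and ends outside the hunk.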
@@ -1449,76 +1454,54 @@
free(e);
return -1;
}
+ if (le) {
+ le->next = e;
+ } else {
+ c->expr = e;
+ }
+
buf = next_entry(fp, (sizeof(uint32_t) * 3));
- if (!buf) {
- constraint_expr_destroy(e);
+ if (!buf)
return -1;
- }
e->expr_type = le32_to_cpu(buf[0]);
e->attr = le32_to_cpu(buf[1]);
e->op = le32_to_cpu(buf[2]);
switch (e->expr_type) {
case CEXPR_NOT:
- if (depth < 0) {
- constraint_expr_destroy(e);
+ if (depth < 0)
return -1;
- }
break;
case CEXPR_AND:
case CEXPR_OR:
- if (depth < 1) {
- constraint_expr_destroy(e);
+ if (depth < 1)
return -1;
- }
depth--;
break;
case CEXPR_ATTR:
- if (depth == (CEXPR_MAXDEPTH-1)) {
- constraint_expr_destroy(e);
+ if (depth == (CEXPR_MAXDEPTH-1))
return -1;
- }
depth++;
break;
case CEXPR_NAMES:
- if (!allowxtarget && (e->attr & CEXPR_XTARGET)) {
- constraint_expr_destroy(e);
+ if (!allowxtarget && (e->attr & CEXPR_XTARGET))
return -1;
- }
- if (depth == (CEXPR_MAXDEPTH-1)) {
- constraint_expr_destroy(e);
+ if (depth == (CEXPR_MAXDEPTH-1))
return -1;
- }
depth++;
- if (ebitmap_read(&e->names, fp)) {
- constraint_expr_destroy(e);
+ if (ebitmap_read(&e->names, fp))
return -1;
- }
if (p->policy_type != POLICY_KERN &&
- type_set_read(e->type_names, fp)) {
- constraint_expr_destroy(e);
+ type_set_read(e->type_names, fp))
return -1;
- }
break;
default:
- constraint_expr_destroy(e);
return -1;
- break;
- }
- if (le) {
- le->next = e;
- } else {
- c->expr = e;
}
le = e;
}
if (depth != 0)
return -1;
- if (lc) {
- lc->next = c;
- } else {
- *nodep = c;
- }
lc = c;
}
@@ -1898,7 +1881,7 @@
size_t nel, nel2, len, len2;
genfs_t *genfs_p, *newgenfs, *genfs;
unsigned int i, j;
- ocontext_t *l, *c, *newc;
+ ocontext_t *l, *c, *newc = NULL;
buf = next_entry(fp, sizeof(uint32_t));
if (!buf)
@@ -1992,6 +1975,11 @@
return 0;
bad:
+ if (newc) {
+ context_destroy(&newc->context[0]);
+ free(newc->u.name);
+ free(newc);
+ }
return -1;
}
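Review bot: `newc` is set to NULL only at its declaration, so once a node has been linked into a genfs list the pointer stays non-NULL, and a `goto bad` taken afterwards (for example from the next `newgenfs` allocation or read) makes this block free a node that the list still points to. The caller's cleanup would then touch freed memory or free it a second time. Clearing the pointer when ownership moves closes that: add `newc = NULL;` straight after the node is linked into `newgenfs`. The linking code lies outside these hunks, so the exact spot needs checking against the full function.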
@@ -2455,19 +2443,31 @@
}
if ((buf = next_entry(fp, sizeof(uint32_t))) == NULL) {
+ free(curblock);
return -1;
}
num_decls = le32_to_cpu(buf[0]);
while (num_decls > 0) {
if ((curdecl = avrule_decl_create(0)) == NULL) {
+ free(curblock);
+ if (*block)
+ avrule_block_list_destroy(*block);
return -1;
}
if (avrule_decl_read(p, curdecl, num_scope_syms, fp) == -1) {
+ free(curblock);
+ if (*block)
+ avrule_block_list_destroy(*block);
+ avrule_decl_destroy(curdecl);
return -1;
}
if (curdecl->enabled) {
if (curblock->enabled != NULL) {
/* probably a corrupt file */
+ free(curblock);
+ if (*block)
+ avrule_block_list_destroy(*block);
+ avrule_decl_destroy(curdecl);
return -1;
}
curblock->enabled = curdecl;
--
* Re: libsepol and libselinux patches
From: Stephen Smalley @ 2006-05-26 20:01 UTC (permalink / raw)
To: Serge E. Hallyn; +Cc: SELinux-dev, SELinux
On Fri, 2006-05-26 at 11:03 -0500, Serge E. Hallyn wrote:
> Ok, I believe the following patch addresses the above. The decl chain
> should be handled by the avrule_block_list_destroy, so i think i'm
> freeing everything at this point.
>
> thanks,
> -serge
>
> @@ -1898,7 +1881,7 @@
> size_t nel, nel2, len, len2;
> genfs_t *genfs_p, *newgenfs, *genfs;
> unsigned int i, j;
> - ocontext_t *l, *c, *newc;
> + ocontext_t *l, *c, *newc = NULL;
>
> buf = next_entry(fp, sizeof(uint32_t));
> if (!buf)
> @@ -1992,6 +1975,11 @@
> return 0;
>
> bad:
> + if (newc) {
> + context_destroy(&newc->context[0]);
> + free(newc->u.name);
> + free(newc);
> + }
> return -1;
> }
Hmm...we still aren't handling the potential newgenfs leak, and we can't
easily move up the linkage for it or handle it on the bad path, so see
interdiff below.
> while (num_decls > 0) {
> if ((curdecl = avrule_decl_create(0)) == NULL) {
> + free(curblock);
> + if (*block)
> + avrule_block_list_destroy(*block);
> return -1;
> }
I don't think we want this. Assuming that the caller ultimately does a
policydb_destroy (which in the libsepol case has migrated from
policydb_read error path to the callers due to the separation of
create/init from policydb_read for the shared APIs), we don't have to
destroy what is already in the block list. And curblock may already
have multiple decls linked into it at this point, so we need to
avrule_block_destroy it. See interdiff below. avrule_decl_destroy also
needs to be made non-static for this to compile.
diff -u libsepol/src/policydb.c libsepol/src/policydb.c
--- libsepol/src/policydb.c 26 May 2006 19:00:20 -0000
+++ libsepol/src/policydb.c 26 May 2006 19:02:10 -0000
@@ -1439,6 +1439,7 @@
lc->next = c;
else
*nodep = c;
+
buf = next_entry(fp, (sizeof(uint32_t) * 2));
if (!buf)
return -1;
@@ -1889,19 +1890,21 @@
nel = le32_to_cpu(buf[0]);
genfs_p = NULL;
for (i = 0; i < nel; i++) {
- newgenfs = calloc(1, sizeof(genfs_t));
- if (!newgenfs) {
- goto bad;
- }
buf = next_entry(fp, sizeof(uint32_t));
if (!buf)
goto bad;
len = le32_to_cpu(buf[0]);
+ newgenfs = calloc(1, sizeof(genfs_t));
+ if (!newgenfs)
+ goto bad;
buf = next_entry(fp, len);
- if (!buf)
+ if (!buf) {
+ free(newgenfs);
goto bad;
+ }
newgenfs->fstype = malloc(len + 1);
if (!newgenfs->fstype) {
+ free(newgenfs);
goto bad;
}
memcpy(newgenfs->fstype, buf, len);
@@ -1911,6 +1914,8 @@
if (strcmp(newgenfs->fstype, genfs->fstype) == 0) {
ERR(fp->handle, "dup genfs fstype %s",
newgenfs->fstype);
+ free(newgenfs->fstype);
+ free(newgenfs);
goto bad;
}
if (strcmp(newgenfs->fstype, genfs->fstype) < 0)
@@ -1977,6 +1982,7 @@
bad:
if (newc) {
context_destroy(&newc->context[0]);
+ context_destroy(&newc->context[1]);
free(newc->u.name);
free(newc);
}
@@ -2449,25 +2455,19 @@
num_decls = le32_to_cpu(buf[0]);
while (num_decls > 0) {
if ((curdecl = avrule_decl_create(0)) == NULL) {
- free(curblock);
- if (*block)
- avrule_block_list_destroy(*block);
+ avrule_block_destroy(curblock);
return -1;
}
if (avrule_decl_read(p, curdecl, num_scope_syms, fp) == -1) {
- free(curblock);
- if (*block)
- avrule_block_list_destroy(*block);
avrule_decl_destroy(curdecl);
+ avrule_block_destroy(curblock);
return -1;
}
if (curdecl->enabled) {
if (curblock->enabled != NULL) {
/* probably a corrupt file */
- free(curblock);
- if (*block)
- avrule_block_list_destroy(*block);
avrule_decl_destroy(curdecl);
+ avrule_block_destroy(curblock);
return -1;
}
curblock->enabled = curdecl;
only in patch2:
unchanged:
--- libsepol/include/sepol/policydb/avrule_block.h 7 Oct 2005 20:10:14 -0000 1.1
+++ libsepol/include/sepol/policydb/avrule_block.h 26 May 2006 19:02:10 -0000
@@ -23,8 +23,9 @@
#include <sepol/policydb/policydb.h>
extern avrule_block_t *avrule_block_create(void);
-extern avrule_decl_t *avrule_decl_create(uint32_t decl_id);
extern void avrule_block_destroy(avrule_block_t *x);
+extern avrule_decl_t *avrule_decl_create(uint32_t decl_id);
+extern void avrule_decl_destroy(avrule_decl_t *x);
extern void avrule_block_list_destroy(avrule_block_t *x);
extern avrule_decl_t *get_avrule_decl(policydb_t *p, uint32_t decl_id);
extern cond_list_t *get_decl_cond_list(policydb_t *p,
only in patch2:
unchanged:
--- libsepol/src/avrule_block.c 7 Oct 2005 20:10:15 -0000 1.5
+++ libsepol/src/avrule_block.c 26 May 2006 19:02:10 -0000
@@ -41,8 +41,6 @@ static unsigned int symtab_sizes[SYM_NUM
2,
};
-static void avrule_decl_destroy(avrule_decl_t *x);
-
avrule_block_t *avrule_block_create(void)
{
avrule_block_t *block;
@@ -91,7 +89,7 @@ static void scope_index_destroy(scope_in
free(scope->class_perms_map);
}
-static void avrule_decl_destroy(avrule_decl_t *x)
+void avrule_decl_destroy(avrule_decl_t *x)
{
if (x == NULL) {
return;
--
Stephen Smalley
National Security Agency
--