rpms / mcstrans

Clone
Source Code
GIT

Blame SOURCES/0001-mcstrans-Fir-RESOURCE_LEAK-and-USE_AFTER_FREE-coveri.patch

c4 c5 c5-plus c6 c6-plus c7 c7-beta c8 c8-beta c8s c9 c9-beta
  1.   a5f30d5e5d893eddac27ccbee426f5b3ddae01a2
  2.   SOURCES
  3.   0001-mcstrans-Fir-RESOURCE_LEAK-and-USE_AFTER_FREE-coveri.patch
Blob History Raw
a5f30d 
From a9eae01e435c2d6f13f3672a50f545bab03e9992 Mon Sep 17 00:00:00 2001
a5f30d 
From: Petr Lautrbach <plautrba@redhat.com>
a5f30d 
Date: Wed, 28 Nov 2018 18:28:05 +0100
a5f30d 
Subject: [PATCH] mcstrans: Fir RESOURCE_LEAK and USE_AFTER_FREE coverity scan
a5f30d 
 defects
a5f30d
a5f30d 
---
a5f30d 
 mcstrans/src/mcstrans.c  | 21 +++++++++++++++++++--
a5f30d 
 mcstrans/src/mcstransd.c |  4 +++-
a5f30d 
 2 files changed, 22 insertions(+), 3 deletions(-)
a5f30d
a5f30d 
diff --git a/mcstrans/src/mcstrans.c b/mcstrans/src/mcstrans.c
a5f30d 
index 96bdbdff7d8b..0d9d0f3e25b7 100644
a5f30d 
--- a/mcstrans/src/mcstrans.c
a5f30d 
+++ b/mcstrans/src/mcstrans.c
a5f30d 
@@ -633,16 +633,23 @@ add_cache(domain_t *domain, char *raw, char *trans) {
a5f30d
a5f30d 
 	map->raw = strdup(raw);
a5f30d 
 	if (!map->raw) {
a5f30d 
+		free(map);
a5f30d 
 		goto err;
a5f30d 
 	}
a5f30d 
 	map->trans = strdup(trans);
a5f30d 
 	if (!map->trans) {
a5f30d 
+		free(map->raw);
a5f30d 
+		free(map);
a5f30d 
 		goto err;
a5f30d 
 	}
a5f30d
a5f30d 
 	log_debug(" add_cache (%s,%s)\n", raw, trans);
a5f30d 
-	if (add_to_hashtable(domain->raw_to_trans, map->raw, map) < 0)
a5f30d 
+	if (add_to_hashtable(domain->raw_to_trans, map->raw, map) < 0) {
a5f30d 
+		free(map->trans);
a5f30d 
+		free(map->raw);
a5f30d 
+		free(map);
a5f30d 
 		goto err;
a5f30d 
+	}
a5f30d
a5f30d 
 	if (add_to_hashtable(domain->trans_to_raw, map->trans, map) < 0)
a5f30d 
 		goto err;
a5f30d 
@@ -1519,6 +1526,7 @@ trans_context(const security_context_t incon, security_context_t *rcon) {
a5f30d 
 			trans = compute_trans_from_raw(range, domain);
a5f30d 
 			if (trans)
a5f30d 
 				if (add_cache(domain, range, trans) < 0) {
a5f30d 
+					free(trans);
a5f30d 
 					free(range);
a5f30d 
 					return -1;
a5f30d 
 				}
a5f30d 
@@ -1530,6 +1538,7 @@ trans_context(const security_context_t incon, security_context_t *rcon) {
a5f30d 
 				ltrans = compute_trans_from_raw(lrange, domain);
a5f30d 
 				if (ltrans) {
a5f30d 
 					if (add_cache(domain, lrange, ltrans) < 0) {
a5f30d 
+						free(ltrans);
a5f30d 
 						free(range);
a5f30d 
 						return -1;
a5f30d 
 					}
a5f30d 
@@ -1548,6 +1557,7 @@ trans_context(const security_context_t incon, security_context_t *rcon) {
a5f30d 
 				utrans = compute_trans_from_raw(urange, domain);
a5f30d 
 				if (utrans) {
a5f30d 
 					if (add_cache(domain, urange, utrans) < 0) {
a5f30d 
+						free(utrans);
a5f30d 
 						free(ltrans);
a5f30d 
 						free(range);
a5f30d 
 						return -1;
a5f30d 
@@ -1647,14 +1657,19 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
a5f30d 
 					canonical = compute_trans_from_raw(raw, domain);
a5f30d 
 					if (canonical && strcmp(canonical, range))
a5f30d 
 						if (add_cache(domain, raw, canonical) < 0) {
a5f30d 
+							free(canonical);
a5f30d 
 							free(range);
a5f30d 
+							free(raw);
a5f30d 
 							return -1;
a5f30d 
 						}
a5f30d 
 				}
a5f30d 
-				if (canonical)
a5f30d 
+				if (canonical) {
a5f30d 
 					free(canonical);
a5f30d 
+					free(raw);
a5f30d 
+				}
a5f30d 
 				if (add_cache(domain, raw, range) < 0) {
a5f30d 
 					free(range);
a5f30d 
+					free(raw);
a5f30d 
 					return -1;
a5f30d 
 				}
a5f30d 
 			} else {
a5f30d 
@@ -1672,6 +1687,7 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
a5f30d 
 						canonical = compute_trans_from_raw(lraw, domain);
a5f30d 
 						if (canonical)
a5f30d 
 							if (add_cache(domain, lraw, canonical) < 0) {
a5f30d 
+								free(canonical);
a5f30d 
 								free(lraw);
a5f30d 
 								free(range);
a5f30d 
 								return -1;
a5f30d 
@@ -1703,6 +1719,7 @@ untrans_context(const security_context_t incon, security_context_t *rcon) {
a5f30d 
 						canonical = compute_trans_from_raw(uraw, domain);
a5f30d 
 						if (canonical)
a5f30d 
 							if (add_cache(domain, uraw, canonical) < 0) {
a5f30d 
+								free(canonical);
a5f30d 
 								free(uraw);
a5f30d 
 								free(lraw);
a5f30d 
 								free(range);
a5f30d 
diff --git a/mcstrans/src/mcstransd.c b/mcstrans/src/mcstransd.c
a5f30d 
index 858994932e4f..a1ec81acb3c8 100644
a5f30d 
--- a/mcstrans/src/mcstransd.c
a5f30d 
+++ b/mcstrans/src/mcstransd.c
a5f30d 
@@ -335,6 +335,7 @@ process_events(struct pollfd **ufds, int *nfds)
a5f30d 
 					/* Setup pollfd for deletion later. */
a5f30d 
 					(*ufds)[ii].fd = -1;
a5f30d 
 					close(connfd);
a5f30d 
+					connfd = -1;
a5f30d 
 					/* So we don't get bothered later */
a5f30d 
 					revents = revents & ~(POLLHUP);
a5f30d 
 				}
a5f30d 
@@ -348,10 +349,11 @@ process_events(struct pollfd **ufds, int *nfds)
a5f30d 
 			/* Set the pollfd up for deletion later. */
a5f30d 
 			(*ufds)[ii].fd = -1;
a5f30d 
 			close(connfd);
a5f30d 
+			connfd = -1;
a5f30d
a5f30d 
 			revents = revents & ~(POLLHUP);
a5f30d 
 		}
a5f30d 
-		if (revents) {
a5f30d 
+		if (revents && connfd != -1) {
a5f30d 
 			syslog(LOG_ERR, "Unknown/error events (%x) encountered"
a5f30d 
 					" for fd (%d)\n", revents, connfd);
a5f30d
a5f30d 
--
a5f30d 
2.23.0
a5f30d

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation