From: "Liu Jian"
To: trustedbsd-discuss@FreeBSD.org
Date: Wed, 31 Jan 2007 22:00:03 +0800
Subject: memory leak in libselinux

Dear All,

We have found a memory leak in libselinux. The following is the function "fsetfilecon_raw" in "setfilecon.c" with comments added by myself.

    int setfilecon_raw(const char *path, security_context_t context)
    {
        mac_t mac;
        char tmp[strlen(context) + strlen("sebsd/0")];
        int r;

        if (mac_prepare(&mac, "sebsd")) //malloc(sizeof(**mac)) is called firstly in mac_prepare
            return -1;

        strcpy(tmp, "sebsd/");
        strcat(tmp, context);
        if (mac_from_text(&mac, tmp)) { //malloc(sizeof(**mac)) is called secondly in mac_prepare
            mac_free(mac); // moreover, the first malloced mac is lost.
            return -1;
        }
        r = mac_set_file(path, mac);
        mac_free(mac);
        return r;
    }

As the program shows, a mac is firstly malloced at mac_prepare (here, please refer to the definition of mac_prepare in mac.c at libc), and after that a new malloc(sizeof(**mac)) is called in mac_from_text (also please refer to mac.c at libc). Moreover, the first malloced mac is lost here and a memory leak occurs.

The same situation also appears in "setcon.c, lsetfilecon.c, setexeccon.c and setfilescon.c". This memory leak will suck a lot when running the setfiles program.

by Liu Jian
----------
email to: GJK.Liu@gmail.com
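
The allocation pattern reported in the message above, as an added example that is not part of the original mail and is not libselinux or libc code. The names label_prepare, label_from_text, set_label and the counting allocator are hypothetical stand-ins that model only the behaviour the mail describes for mac_prepare and mac_from_text; the label string is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins: they model only the allocation behaviour the mail
 * describes for mac_prepare()/mac_from_text(); they are not the libc code. */
struct label { char *text; };
static int live_allocs;                      /* heap blocks not yet freed */

static void *xalloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }
static void label_free(struct label *l) { if (l) { xfree(l->text); xfree(l); } }

/* Models mac_prepare(): allocates a fresh label and stores it in *out. */
static int label_prepare(struct label **out) {
    struct label *l = xalloc(sizeof(*l));
    if (l == NULL) return -1;
    l->text = NULL;
    *out = l;
    return 0;
}

/* Models mac_from_text() as described: allocates again and overwrites *out. */
static int label_from_text(struct label **out, const char *text) {
    struct label *l;
    if (label_prepare(&l)) return -1;
    l->text = xalloc(strlen(text) + 1);
    if (l->text == NULL) { label_free(l); return -1; }
    strcpy(l->text, text);
    *out = l;                                /* any earlier *out is dropped */
    return 0;
}

/* prepare_first = 1 reproduces the call order quoted in the mail;
 * prepare_first = 0 is one possible correction (a single allocator).
 * Returns the number of blocks still allocated after the final free. */
int set_label(const char *text, int prepare_first) {
    int before = live_allocs;
    struct label *l = NULL;
    if (prepare_first && label_prepare(&l)) return -1;
    if (label_from_text(&l, text)) { label_free(l); return -1; }
    label_free(l);                           /* frees only the second label */
    return live_allocs - before;
}

int main(void) {
    printf("prepare + from_text: %d block(s) leaked\n", set_label("sebsd/ctx", 1));
    printf("from_text only:      %d block(s) leaked\n", set_label("sebsd/ctx", 0));
    return 0;
}
```

Each call made in the reported order leaves one block unreachable, which is why a tool that relabels many files in one process, such as setfiles, would see memory grow with the number of files processed.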