Fix memory leak issues found by Klocwork
Change-Id: If324d424dc11df435c26b0da11e314c7608180f9
diff --git a/include/sepol/policydb/symtab.h b/include/sepol/policydb/symtab.h
index c8ad664..490731b 100644
--- a/include/sepol/policydb/symtab.h
+++ b/include/sepol/policydb/symtab.h
@@ -32,6 +32,7 @@
} symtab_t;
extern int symtab_init(symtab_t *, unsigned int size);
+extern void symtab_destroy(symtab_t *);
#endif /* _SYMTAB_H_ */
diff --git a/src/expand.c b/src/expand.c
index 2003eb6..70c6848 100644
--- a/src/expand.c
+++ b/src/expand.c
@@ -251,6 +251,7 @@
new_id = strdup(id);
if (!new_id) {
ERR(state->handle, "Out of memory!");
+ symtab_destroy(&new_common->permissions);
free(new_common);
return -1;
}
@@ -263,6 +264,7 @@
(hashtab_datum_t *) new_common);
if (ret) {
ERR(state->handle, "hashtab overflow");
+ symtab_destroy(&new_common->permissions);
free(new_common);
free(new_id);
return -1;
@@ -812,6 +814,7 @@
new_id = strdup(id);
if (!new_id) {
ERR(state->handle, "Out of memory!");
+ free(new_role);
return -1;
}
@@ -963,6 +966,7 @@
new_id = strdup(id);
if (!new_id) {
ERR(state->handle, "Out of memory!");
+ free(new_user);
return -1;
}
ret = hashtab_insert(state->out->p_users.table,
@@ -1982,6 +1986,7 @@
if (cond_node_map_bools(state, tmp)) {
ERR(state->handle, "Error mapping booleans");
+ free(tmp);
return -1;
}
@@ -2189,6 +2194,7 @@
newgenfs->fstype = strdup(genfs->fstype);
if (!newgenfs->fstype) {
ERR(state->handle, "Out of memory!");
+ free(newgenfs);
return -1;
}
@@ -2197,12 +2203,17 @@
newc = malloc(sizeof(ocontext_t));
if (!newc) {
ERR(state->handle, "Out of memory!");
+ free(newgenfs->fstype);
+ free(newgenfs);
return -1;
}
memset(newc, 0, sizeof(ocontext_t));
newc->u.name = strdup(c->u.name);
if (!newc->u.name) {
ERR(state->handle, "Out of memory!");
+ free(newc);
+ free(newgenfs->fstype);
+ free(newgenfs);
return -1;
}
newc->v.sclass = c->v.sclass;
diff --git a/src/genusers.c b/src/genusers.c
index 37528e2..a31ea08 100644
--- a/src/genusers.c
+++ b/src/genusers.c
@@ -91,13 +91,20 @@
ebitmap_init(&usrdatum->roles.roles);
} else {
char *id = strdup(q);
+ if (!id) {
+ ERR(NULL, "out of memory");
+ free(buffer);
+ fclose(fp);
+ return -1;
+ }
/* Adding a new user definition. */
usrdatum =
(user_datum_t *) malloc(sizeof(user_datum_t));
- if (!id || !usrdatum) {
+ if (!usrdatum) {
ERR(NULL, "out of memory");
free(buffer);
+ free(id);
fclose(fp);
return -1;
}
@@ -108,6 +115,8 @@
id, (hashtab_datum_t) usrdatum)) {
ERR(NULL, "out of memory");
free(buffer);
+ free(id);
+ free(usrdatum);
fclose(fp);
return -1;
}
diff --git a/src/hierarchy.c b/src/hierarchy.c
index e2df5a4..d787a64 100644
--- a/src/hierarchy.c
+++ b/src/hierarchy.c
@@ -360,6 +360,7 @@
args->numerr++;
}
cond_av_list_destroy(expl);
+ avtab_destroy(&expa);
/*
* Check false condition
diff --git a/src/link.c b/src/link.c
index 01d3231..3444288 100644
--- a/src/link.c
+++ b/src/link.c
@@ -291,6 +291,7 @@
}
new_id = strdup(id);
if (new_id == NULL) {
+ symtab_destroy(&new_class->permissions);
ERR(state->handle, "Memory error\n");
ret = SEPOL_ERR;
goto err;
@@ -299,6 +300,7 @@
(hashtab_key_t) new_id,
(hashtab_datum_t) new_class);
if (ret) {
+ symtab_destroy(&new_class->permissions);
ERR(state->handle,
"could not insert new class into symtab");
goto err;
@@ -1300,7 +1302,7 @@
if (new_rule->perms == NULL) {
new_rule->perms = new_perm;
- } else {
+ } else if (tail_perm) {
tail_perm->next = new_perm;
}
tail_perm = new_perm;
@@ -1765,6 +1767,7 @@
new_decl->module_name = strdup(module->policy->name);
if (new_decl->module_name == NULL) {
ERR(state->handle, "Out of memory\n");
+ avrule_decl_destroy(new_decl);
ret = -1;
goto cleanup;
}
@@ -1784,6 +1787,7 @@
ret = copy_avrule_decl(state, module, decl, new_decl);
if (ret) {
+ avrule_decl_destroy(new_decl);
goto cleanup;
}
diff --git a/src/policydb.c b/src/policydb.c
index ff292f6..e6d9075 100644
--- a/src/policydb.c
+++ b/src/policydb.c
@@ -3447,7 +3447,7 @@
* decl chain in its correct order */
if (curblock->branch_list == NULL) {
curblock->branch_list = curdecl;
- } else {
+ } else if (last_decl != NULL) {
last_decl->next = curdecl;
}
last_decl = curdecl;
@@ -3456,7 +3456,7 @@
if (*block == NULL) {
*block = curblock;
- } else {
+ } else if (last_block != NULL) {
last_block->next = curblock;
}
last_block = curblock;
diff --git a/src/policydb_convert.c b/src/policydb_convert.c
index 32832bb..3fc40cb 100644
--- a/src/policydb_convert.c
+++ b/src/policydb_convert.c
@@ -20,6 +20,7 @@
pf.handle = handle;
if (policydb_read(policydb, &pf, 0)) {
+ policydb_destroy(policydb);
ERR(handle, "policy image is invalid");
errno = EINVAL;
return STATUS_ERR;
diff --git a/src/services.c b/src/services.c
index 9c2920c..bed1e9b 100644
--- a/src/services.c
+++ b/src/services.c
@@ -96,6 +96,7 @@
return -1;
}
if (policydb_read(&mypolicydb, &pf, 0)) {
+ policydb_destroy(&mypolicydb);
ERR(NULL, "can't read binary policy: %s", strerror(errno));
return -1;
}
@@ -1016,6 +1017,7 @@
return -ENOMEM;
if (policydb_read(&newpolicydb, fp, 1)) {
+ policydb_destroy(&newpolicydb);
return -EINVAL;
}
diff --git a/src/symtab.c b/src/symtab.c
index b3a7aa8..b319c8f 100644
--- a/src/symtab.c
+++ b/src/symtab.c
@@ -46,4 +46,12 @@
return 0;
}
+void symtab_destroy(symtab_t * s)
+{
+ if (!s)
+ return;
+ if (s->table)
+ hashtab_destroy(s->table);
+ return;
+}
/* FLASK */
diff --git a/src/write.c b/src/write.c
index 22e6143..ab1c257 100644
--- a/src/write.c
+++ b/src/write.c
@@ -1810,6 +1810,7 @@
buf[0] = cpu_to_le32(key_len);
if (put_entry(buf, sizeof(*buf), 1, fp) != 1 ||
put_entry(key, 1, key_len, fp) != key_len) {
+ free(dyn_buf);
return POLICYDB_ERROR;
}
buf[0] = cpu_to_le32(scope->scope);