setSecCtx: free srcCtx when getfscreatecon_raw() fails
```
Error: RESOURCE_LEAK (CWE-772):
logrotate-3.18.0/logrotate.c:333: path: Condition "!selinux_enabled", taking false branch.
logrotate-3.18.0/logrotate.c:338: alloc_arg: "fgetfilecon_raw" allocates memory that is stored into "srcCtx".
logrotate-3.18.0/logrotate.c:338: path: Condition "fgetfilecon_raw(fdSrc, &srcCtx) < 0", taking false branch.
logrotate-3.18.0/logrotate.c:349: path: Condition "getfscreatecon_raw(pPrevCtx) < 0", taking true branch.
logrotate-3.18.0/logrotate.c:351: leaked_storage: Variable "srcCtx" going out of scope leaks the storage it points to.
  349|       if (getfscreatecon_raw(pPrevCtx) < 0) {
  350|           message(MESS_ERROR, "getting default context: %s\n", strerror(errno));
  351|->         return selinux_enforce;
  352|       }
  353|
```
jamacku committed Mar 18, 2024
1 parent 0b685a5 commit 7ca497f
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions logrotate.c
Expand Up @@ -372,6 +372,7 @@ static int setSecCtx(int fdSrc, const char *src, char **pPrevCtx)
if (getfscreatecon_raw(pPrevCtx) < 0) {
message(MESS_ERROR, "getting default context: %s\n", strerror(errno));
freecon(*pPrevCtx);
freecon(srcCtx);
return selinux_enforce;
}
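
Review bot: In the `getfscreatecon_raw(pPrevCtx) < 0` branch, the `freecon(*pPrevCtx)` just above the new `freecon(srcCtx)` leaves `*pPrevCtx` pointing at freed memory, and the function then returns `selinux_enforce`, which by its name may be zero when SELinux is not enforcing, so a caller that treats zero as success could use or free that pointer a second time. Consider adding `*pPrevCtx = NULL;` right after that free (freecon() accepts NULL), or confirm that every caller ignores `*pPrevCtx` on this path. The added `freecon(srcCtx)` itself matches the leak in the Coverity trace from the commit message: `srcCtx` was allocated by `fgetfilecon_raw()` and the visible lines release it nowhere else before this return.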
