From 79fb75c9849fe02cb91b3037efdc4b3d23d6c4f9 Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Thu, 2 May 2024 14:15:30 +0200 Subject: [PATCH 01/15] leveldb: fix memory leak We should unmap the memory before returning from the function: Error: RESOURCE_LEAK (CWE-772): chkconfig-1.26/leveldb.c:519: alloc_fn: Storage is returned from allocation function "mmap". chkconfig-1.26/leveldb.c:519: var_assign: Assigning: "bufstart" = storage returned from "mmap(NULL, sb.st_size, 1, 1, fd, 0L)". chkconfig-1.26/leveldb.c:528: leaked_storage: Variable "bufstart" going out of scope leaks the storage it points to. 526| if (tmpbufstart == NULL) { 527| close(fd); 528|-> return -1; 529| } 530| --- leveldb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/leveldb.c b/leveldb.c index 564a2079..8b2eeac5 100644 --- a/leveldb.c +++ b/leveldb.c @@ -525,6 +525,7 @@ int parseServiceInfo(int fd, char *name, struct service *service, int honorHide, tmpbufstart = (char *)malloc(sb.st_size + 1); if (tmpbufstart == NULL) { close(fd); + munmap(bufstart, sb.st_size); return -1; } From 75242a371d9d218dca60b16f4d3a86fbc61370c8 Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Thu, 2 May 2024 15:19:08 +0200 Subject: [PATCH 02/15] chkconfig: fix leak Free the services field after we printed its contents. Also remove the check for the return value of showServiceInfo, since it is called with "forgiving" flag, so it can't return an error. Error: RESOURCE_LEAK (CWE-772): chkconfig-1.26/chkconfig.c:524: alloc_arg: "readServices" allocates memory that is stored into "services". chkconfig-1.26/chkconfig.c:528: noescape: Resource "services" is not freed or pointed-to in "qsort". chkconfig-1.26/chkconfig.c:547: leaked_storage: Variable "services" going out of scope leaks the storage it points to. 545| fprintf(stderr, _("failed to open directory %s: %s\n"), XINETDDIR, 546| strerror(err)); 547|-> return 1; 548| } 549| numServices = 0; --- chkconfig.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/chkconfig.c b/chkconfig.c index 8730cfba..c9d2cfc0 100644 --- a/chkconfig.c +++ b/chkconfig.c @@ -510,7 +510,6 @@ static int serviceNameCmp(const void *a, const void *b) { static int listService(char *item, int type) { DIR *dir; struct dirent *ent; - struct service *services; int i; int numServices = 0; int numServicesAlloced; @@ -521,6 +520,7 @@ static int listService(char *item, int type) { return showServiceInfoByName(item, type, 0); if (type & TYPE_INIT_D) { + struct service *services; numServices = readServices(&services); if (numServices < 0) return 1; @@ -530,10 +530,10 @@ static int listService(char *item, int type) { for (i = 0; i < numServices; i++) { if (systemd && isOverriddenBySystemd(services[i].name)) continue; - if (showServiceInfo(services[i], 1)) { - return 1; - } + (void) showServiceInfo(services[i], 1); } + + free(services); } if (isXinetdEnabled() && type & TYPE_XINETD) { From 55393450075999ed5b7d3ab604cd2ce4a3837d75 Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Thu, 2 May 2024 15:40:01 +0200 Subject: [PATCH 03/15] leveldb.c: fix memory leak Error: RESOURCE_LEAK (CWE-772): chkconfig-1.26/leveldb.c:1099: alloc_arg: "readSystemdUnitProperty" allocates memory that is stored into "t". chkconfig-1.26/leveldb.c:1103: noescape: Resource "t" is not freed or pointed-to in "strcmp". chkconfig-1.26/leveldb.c:1103: noescape: Resource "t" is not freed or pointed-to in "strcmp". chkconfig-1.26/leveldb.c:1136: leaked_storage: Variable "t" going out of scope leaks the storage it points to. 1134| free(ret); 1135| } 1136|-> return r; 1137| } 1138| --- leveldb.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/leveldb.c b/leveldb.c index 8b2eeac5..c9241448 100644 --- a/leveldb.c +++ b/leveldb.c @@ -1090,12 +1090,12 @@ int runlevelsToTargets(int runlevels, char ***targets, int *n_targets) { char **tmp; int n_ret = 0; int found = 0; - char *t; int i, j; int r; for (i = 0; i <= 6; i++) { if (1 << i & runlevels) { + char *t = NULL; runlevel[8] = '0' + i; r = readSystemdUnitProperty(runlevel, "Id", &t); if (r < 0) @@ -1110,6 +1110,7 @@ int runlevelsToTargets(int runlevels, char ***targets, int *n_targets) { if (!found) { tmp = (char **)realloc(ret, sizeof(char *) * (n_ret + 1)); if (tmp == NULL) { + free(t); r = -ENOMEM; goto fail; } From 1d7a9eb165b06f84ce81f276bba8b1dba070c943 Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Thu, 2 May 2024 15:57:22 +0200 Subject: [PATCH 04/15] leveldb: fix memory leak Error: RESOURCE_LEAK (CWE-772): chkconfig-1.26/leveldb.c:142: alloc_fn: Storage is returned from allocation function "malloc". chkconfig-1.26/leveldb.c:142: var_assign: Assigning: "desc" = storage returned from "malloc(end - start + 1L)". chkconfig-1.26/leveldb.c:143: noescape: Resource "desc" is not freed or pointed-to in "strncpy". [Note: The source code implementation of the function has been overridden by a builtin model.] chkconfig-1.26/leveldb.c:148: noescape: Resource "desc" is not freed or pointed-to in "strlen". chkconfig-1.26/leveldb.c:149: noescape: Resource "desc" is not freed or pointed-to in "strlen". chkconfig-1.26/leveldb.c:155: leaked_storage: Variable "desc" going out of scope leaks the storage it points to. 153| start++; 154| if (start == bufstop || *start != '#') { 155|-> return 1; 156| } 157| --- leveldb.c | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/leveldb.c b/leveldb.c index c9241448..acd30acc 100644 --- a/leveldb.c +++ b/leveldb.c @@ -140,6 +140,8 @@ int readDescription(char *start, char *bufstop, char **english_desc, } { char *desc = malloc(end - start + 1); + if (!desc) + return 1; strncpy(desc, start, end - start); desc[end - start] = '\0'; @@ -152,6 +154,7 @@ int readDescription(char *start, char *bufstop, char **english_desc, while (isspace(*start) && start < bufstop) start++; if (start == bufstop || *start != '#') { + free(desc); return 1; } @@ -160,6 +163,7 @@ int readDescription(char *start, char *bufstop, char **english_desc, while (isspace(*start) && start < bufstop) start++; if (start == bufstop) { + free(desc); return 1; } From 0b1f474c0d3eee638293be57bd67bb85d10ac330 Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Mon, 6 May 2024 14:11:55 +0200 Subject: [PATCH 05/15] leveldb: add destructors for service --- leveldb.c | 16 ++++++++++++++++ leveldb.h | 2 ++ 2 files changed, 18 insertions(+) diff --git a/leveldb.c b/leveldb.c index acd30acc..0722aeb1 100644 --- a/leveldb.c +++ b/leveldb.c @@ -313,6 +313,22 @@ int readXinetdServiceInfo(char *name, struct service *service) { return -1; } + +void freeService(struct service s) { + free(s.name); + free(s.startDeps); + free(s.stopDeps); + free(s.softStartDeps); + free(s.softStopDeps); + free(s.provides); +} + +void freeServices(struct service *s, int n) { + for (int i = 0; i < n; i++) + freeService(s[i]); + free(s); +} + int readServices(struct service **services) { DIR *dir; struct dirent *ent; diff --git a/leveldb.h b/leveldb.h index e308d86e..bfaa9aee 100644 --- a/leveldb.h +++ b/leveldb.h @@ -56,6 +56,8 @@ struct service { int parseLevels(char *str, int emptyOk); +void freeService(struct service s); +void freeServices(struct service *s, int n); /* returns 0 on success, 1 if the service is not chkconfig-able, -1 if an I/O error occurs (in which case errno can be checked) */ int readServiceInfo(char *name, int type, struct service *service, From 07696737fc32ccc3099ae05a585ab43240ad7c12 Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Mon, 6 May 2024 14:12:11 +0200 Subject: [PATCH 06/15] chkconfig: fix memory leak when deleting a service Error: RESOURCE_LEAK (CWE-772): chkconfig-1.26/chkconfig.c:125: alloc_arg: "readServices" allocates memory that is stored into "services". chkconfig-1.26/chkconfig.c:163: leaked_storage: Variable "services" going out of scope leaks the storage it points to. 161| } 162| } 163|-> return 0; 164| } 165| --- chkconfig.c | 25 +++++++++++++++++-------- 1 file changed, 17 insertions(+), 8 deletions(-) diff --git a/chkconfig.c b/chkconfig.c index c9d2cfc0..71117f44 100644 --- a/chkconfig.c +++ b/chkconfig.c @@ -107,10 +107,10 @@ static void reloadSystemd(void) { } static int delService(char *name, int type, int level) { - int i, j, k, numservs, rc; + int i, j, k, numservs=0, rc; glob_t globres; struct service s; - struct service *services; + struct service *services = NULL; if ((rc = readServiceInfo(name, type, &s, 0))) { readServiceError(rc, name); @@ -123,15 +123,18 @@ static int delService(char *name, int type, int level) { if (LSB && level == -1) { numservs = readServices(&services); - if (numservs < 0) - return 1; + if (numservs < 0) { + rc=1; + goto finish; + } for (i = 0; i < numservs; i++) { if (services[i].startDeps) { for (j = 0; services[i].startDeps[j].name; j++) { if (!strcmp(services[i].startDeps[j].name, s.name)) { if (services[i].currentLevels) { - return 1; + rc=1; + goto finish; } } } @@ -141,8 +144,10 @@ static int delService(char *name, int type, int level) { if (!strcmp(services[i].stopDeps[j].name, s.name)) { for (k = 0; k <= 6; k++) { if (isConfigured(services[i].name, k, NULL, NULL) && - !(services[i].currentLevels & (1 << k))) - return 1; + !(services[i].currentLevels & (1 << k))) { + rc=1; + goto finish; + } } } } @@ -160,7 +165,11 @@ static int delService(char *name, int type, int level) { } } } - return 0; + +finish: + freeService(s); + freeServices(services, numservs); + return rc; } static inline int laterThan(int i, int j) { From d85546782c8ec88cd19dce3fd1174ddeef686fdc Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Mon, 6 May 2024 14:47:16 +0200 Subject: [PATCH 07/15] chkconfig: fix leak Error: RESOURCE_LEAK (CWE-772): [#def23] [important] chkconfig-1.26/chkconfig.c:308:5: alloc_arg: "readServices" allocates memory that is stored into "servs". chkconfig-1.26/chkconfig.c:330:5: noescape: Resource "servs" is not freed or pointed-to in "frobOneDependencies". chkconfig-1.26/chkconfig.c:331:9: leaked_storage: Variable "servs" going out of scope leaks the storage it points to. 329| /* Resolve our target */ 330| if (frobOneDependencies(s, servs, numservs, 1, LSB) == -1) 331|-> return 1; 332| return 0; 333| } --- chkconfig.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/chkconfig.c b/chkconfig.c index 71117f44..8befc2b4 100644 --- a/chkconfig.c +++ b/chkconfig.c @@ -304,6 +304,7 @@ static int frobDependencies(struct service *s) { int numservs = 0; int nResolved = 0; int i; + int r = 0; numservs = readServices(&servs); if (numservs < 0) @@ -328,8 +329,10 @@ static int frobDependencies(struct service *s) { /* Resolve our target */ if (frobOneDependencies(s, servs, numservs, 1, LSB) == -1) - return 1; - return 0; + r=1; + + freeServices(servs, numservs); + return r; } static int addService(char *name, int type) { From 587e892ccc4a64e4ccede2a4ff5dc6c3df6ff658 Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Mon, 6 May 2024 14:52:24 +0200 Subject: [PATCH 08/15] chkconfig: fix leak Error: RESOURCE_LEAK (CWE-772): [#def25] [important] chkconfig-1.26/chkconfig.c:590:13: alloc_fn: Storage is returned from allocation function "malloc". chkconfig-1.26/chkconfig.c:590:13: var_assign: Assigning: "tmp" = storage returned from "malloc(strlen(s->name) + 5UL)". chkconfig-1.26/chkconfig.c:591:13: noescape: Resource "tmp" is not freed or pointed-to in "sprintf". [Note: The source code implementation of the function has been overridden by a builtin model.] chkconfig-1.26/chkconfig.c:592:13: noescape: Resource "tmp" is not freed or pointed-to in "printf". [Note: The source code implementation of the function has been overridden by a builtin model.] chkconfig-1.26/chkconfig.c:593:9: leaked_storage: Variable "tmp" going out of scope leaks the storage it points to. 591| sprintf(tmp, "%s:", s->name); 592| printf("\t%-15s\t%s\n", tmp, s->levels ? _("on") : _("off")); 593|-> } 594| closedir(dir); 595| free(t); --- chkconfig.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/chkconfig.c b/chkconfig.c index 8befc2b4..fcc0a8bc 100644 --- a/chkconfig.c +++ b/chkconfig.c @@ -591,8 +591,14 @@ static int listService(char *item, int type) { t = s; for (i = 0; i < numServices; i++, s++) { char *tmp = malloc(strlen(s->name) + 5); + if (!tmp) { + closedir(dir); + free(t); + return 1; + } sprintf(tmp, "%s:", s->name); printf("\t%-15s\t%s\n", tmp, s->levels ? _("on") : _("off")); + free(tmp); } closedir(dir); free(t); From 195e6f0f9304413665a8b165c22a3d4da6eba882 Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Mon, 6 May 2024 15:09:30 +0200 Subject: [PATCH 09/15] leveldb: fix leak Error: RESOURCE_LEAK (CWE-772): [#def24] [important] chkconfig-1.26/leveldb.c:230:5: alloc_arg: "asprintf" allocates memory that is stored into "filename". [Note: The source code implementation of the function has been overridden by a builtin model.] chkconfig-1.26/leveldb.c:232:5: noescape: Resource "filename" is not freed or pointed-to in "open". [Note: The source code implementation of the function has been overridden by a user model.] chkconfig-1.26/leveldb.c:307:5: leaked_storage: Variable "filename" going out of scope leaks the storage it points to. 305| } 306| *service = serv; 307|-> return 0; 308| out_err: 309| if (fd >= 0) --- leveldb.c | 14 ++++++++++---- 1 file changed, 10 insertions(+), 4 deletions(-) diff --git a/leveldb.c b/leveldb.c index 0722aeb1..5b09c16e 100644 --- a/leveldb.c +++ b/leveldb.c @@ -226,15 +226,22 @@ int readXinetdServiceInfo(char *name, struct service *service) { struct stat sb; char *buf = NULL, *ptr; char *eng_desc = NULL, *start; + int r; - asprintf(&filename, XINETDDIR "/%s", name); - - if ((fd = open(filename, O_RDONLY)) < 0) + r = asprintf(&filename, XINETDDIR "/%s", name); + if (r < 0) + return -1; + fd = open(filename, O_RDONLY); + free(filename); + if(fd < 0) goto out_err; + fstat(fd, &sb); if (!S_ISREG(sb.st_mode)) goto out_err; buf = malloc(sb.st_size + 1); + if (!buf) + goto out_err; if (read(fd, buf, sb.st_size) != sb.st_size) goto out_err; close(fd); @@ -309,7 +316,6 @@ int readXinetdServiceInfo(char *name, struct service *service) { if (fd >= 0) close(fd); free(buf); - free(filename); return -1; } From 1a9b8594465e097adecf9557099d087cf7052a58 Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Mon, 6 May 2024 15:15:48 +0200 Subject: [PATCH 10/15] leveldb: fix leak Error: RESOURCE_LEAK (CWE-772): [#def25] [important] chkconfig-1.26/leveldb.c:237:5: alloc_fn: Storage is returned from allocation function "malloc". chkconfig-1.26/leveldb.c:237:5: var_assign: Assigning: "buf" = storage returned from "malloc(sb.st_size + 1L)". chkconfig-1.26/leveldb.c:238:5: noescape: Resource "buf" is not freed or pointed-to in "read". [Note: The source code implementation of the function has been overridden by a builtin model.] chkconfig-1.26/leveldb.c:243:5: var_assign: Assigning: "start" = "buf". chkconfig-1.26/leveldb.c:245:9: noescape: Resource "buf" is not freed or pointed-to in "strchr". chkconfig-1.26/leveldb.c:250:13: noescape: Resource "buf" is not freed or pointed-to in "strncmp". chkconfig-1.26/leveldb.c:254:17: noescape: Resource "buf + 9" is not freed or pointed-to in "strncmp". chkconfig-1.26/leveldb.c:307:5: leaked_storage: Variable "start" going out of scope leaks the storage it points to. 305| } 306| *service = serv; 307|-> return 0; 308| out_err: 309| if (fd >= 0) --- leveldb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/leveldb.c b/leveldb.c index 5b09c16e..74176ca4 100644 --- a/leveldb.c +++ b/leveldb.c @@ -311,6 +311,7 @@ int readXinetdServiceInfo(char *name, struct service *service) { buf = ptr; } *service = serv; + free(start); return 0; out_err: if (fd >= 0) From f310aa0971e3d8b0f20c373872b6fa8971f1e8e4 Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Mon, 6 May 2024 15:38:26 +0200 Subject: [PATCH 11/15] leveldb: fix leak Error: RESOURCE_LEAK (CWE-772): [#def25] [important] chkconfig-1.26/leveldb.c:352:5: alloc_fn: Storage is returned from allocation function "opendir". chkconfig-1.26/leveldb.c:352:5: var_assign: Assigning: "dir" = storage returned from "opendir("/etc/init.d")". chkconfig-1.26/leveldb.c:358:5: noescape: Resource "dir" is not freed or pointed-to in "readdir". chkconfig-1.26/leveldb.c:386:5: leaked_storage: Variable "dir" going out of scope leaks the storage it points to. 384| } 385| *services = servs; 386|-> return numservs; 387| } 388| --- leveldb.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/leveldb.c b/leveldb.c index 74176ca4..eb4d205e 100644 --- a/leveldb.c +++ b/leveldb.c @@ -377,6 +377,8 @@ int readServices(struct service **services) { if (!readServiceInfo(ent->d_name, TYPE_INIT_D, servs + numservs, 0)) numservs++; } + + closedir(dir); *services = servs; return numservs; } From 0836dd199b59ce253b0e47076f92bc37cdc67716 Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Mon, 6 May 2024 15:42:34 +0200 Subject: [PATCH 12/15] leveldb: fix leak Error: RESOURCE_LEAK (CWE-772): [#def26] [important] chkconfig-1.26/leveldb.c:894:5: alloc_fn: Storage is returned from allocation function "malloc". chkconfig-1.26/leveldb.c:894:5: var_assign: Assigning: "buf" = storage returned from "malloc(sb.st_size + 1L)". chkconfig-1.26/leveldb.c:895:5: noescape: Resource "buf" is not freed or pointed-to in "read". [Note: The source code implementation of the function has been overridden by a builtin model.] chkconfig-1.26/leveldb.c:911:9: var_assign: Assigning: "tmp" = "buf". chkconfig-1.26/leveldb.c:912:9: noescape: Resource "buf" is not freed or pointed-to in "strchr". chkconfig-1.26/leveldb.c:919:9: noescape: Resource "buf" is not freed or pointed-to in "strncmp". chkconfig-1.26/leveldb.c:919:9: noescape: Resource "buf" is not freed or pointed-to in "strlen". chkconfig-1.26/leveldb.c:920:13: noescape: Resource "tmp" is not freed or pointed-to in "strlen". chkconfig-1.26/leveldb.c:920:13: noescape: Resource "tmp" is not freed or pointed-to in "write". chkconfig-1.26/leveldb.c:936:5: leaked_storage: Variable "tmp" going out of scope leaks the storage it points to. 934| fprintf(stderr, _("Unable to set SELinux context for %s: %s\n"), 935| oldfname, strerror(errno)); 936|-> return (r); 937| } 938| --- leveldb.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/leveldb.c b/leveldb.c index eb4d205e..2f570a84 100644 --- a/leveldb.c +++ b/leveldb.c @@ -875,7 +875,7 @@ int setXinetdService(struct service s, int on) { int oldfd, newfd; char oldfname[100], newfname[100]; char tmpstr[50]; - char *buf, *ptr, *tmp; + char *buf, *ptr, *tmp, *start; struct stat sb; mode_t mode; int r; @@ -904,6 +904,7 @@ int setXinetdService(struct service s, int on) { free(buf); return -1; } + start = buf; while (buf) { tmp = buf; ptr = strchr(buf, '\n'); @@ -924,6 +925,7 @@ int setXinetdService(struct service s, int on) { } buf = ptr; } + free(start); close(newfd); unlink(oldfname); r = rename(newfname, oldfname); From 5c57fff7c5a1233dab9c6dc1c6ef04a19531bcb9 Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Tue, 7 May 2024 09:10:39 +0200 Subject: [PATCH 13/15] leveldb: fix leak Error: CPPCHECK_WARNING (CWE-401): [#def31] [important] chkconfig-1.26/leveldb.c:757: error[memleak]: Memory leak: serv.softStopDeps 755| ((serv.levels == -1) || !serv.desc || 756| (!serv.isLSB && (serv.sPriority == -1 || serv.kPriority == 100)))) { 757|-> return 1; 758| } 759| Error: CPPCHECK_WARNING (CWE-401): [#def32] [important] chkconfig-1.26/leveldb.c:757: error[memleak]: Memory leak: serv.startDeps 755| ((serv.levels == -1) || !serv.desc || 756| (!serv.isLSB && (serv.sPriority == -1 || serv.kPriority == 100)))) { 757|-> return 1; 758| } 759| Error: CPPCHECK_WARNING (CWE-401): [#def33] [important] chkconfig-1.26/leveldb.c:757: error[memleak]: Memory leak: serv.stopDeps 755| ((serv.levels == -1) || !serv.desc || 756| (!serv.isLSB && (serv.sPriority == -1 || serv.kPriority == 100)))) { 757|-> return 1; 758| } 759| --- leveldb.c | 1 + 1 file changed, 1 insertion(+) diff --git a/leveldb.c b/leveldb.c index 2f570a84..2de1ac08 100644 --- a/leveldb.c +++ b/leveldb.c @@ -749,6 +749,7 @@ int parseServiceInfo(int fd, char *name, struct service *service, int honorHide, if (!partialOk && ((serv.levels == -1) || !serv.desc || (!serv.isLSB && (serv.sPriority == -1 || serv.kPriority == 100)))) { + freeService(serv); return 1; } From fb0660da9eb8eccb109c454ce136cd97f92ef7bc Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Mon, 13 May 2024 13:35:36 +0200 Subject: [PATCH 14/15] leveldb: security_context_t is deprecated https://github.com/SELinuxProject/selinux/commit/7a124ca2758136f49cc38efc26fb1a2d385ecfd9 --- leveldb.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/leveldb.c b/leveldb.c index 2de1ac08..7450e755 100644 --- a/leveldb.c +++ b/leveldb.c @@ -44,7 +44,7 @@ int selinux_restore(const char *name) { struct selabel_handle *hnd = NULL; struct stat buf; - security_context_t newcon = NULL; + char *newcon = NULL; int r = -1; hnd = selabel_open(SELABEL_CTX_FILE, NULL, 0); From 0a3cd94e29ff8df3a3eb91aab40823aede7a0a07 Mon Sep 17 00:00:00 2001 From: Lukas Nykryn Date: Tue, 7 May 2024 14:21:06 +0200 Subject: [PATCH 15/15] ntsysv: fix leaks Error: RESOURCE_LEAK (CWE-772): [#def1] [important] chkconfig-1.26/ntsysv.c:316:5: alloc_fn: Storage is returned from allocation function "malloc". chkconfig-1.26/ntsysv.c:316:5: var_assign: Assigning: "services" = storage returned from "malloc(88UL * numServicesAlloced)". chkconfig-1.26/ntsysv.c:321:9: leaked_storage: Variable "services" going out of scope leaks the storage it points to. 319| fprintf(stderr, "failed to open " RUNLEVELS "/init.d: %s\n", 320| strerror(errno)); 321|-> return 2; 322| } 323| Error: RESOURCE_LEAK (CWE-772): [#def2] [important] chkconfig-1.26/ntsysv.c:316:5: alloc_fn: Storage is returned from allocation function "malloc". chkconfig-1.26/ntsysv.c:316:5: var_assign: Assigning: "services" = storage returned from "malloc(88UL * numServicesAlloced)". chkconfig-1.26/ntsysv.c:346:9: noescape: Resource "services + numServices" is not freed or pointed-to in "readServiceInfo". chkconfig-1.26/ntsysv.c:375:13: leaked_storage: Variable "services" going out of scope leaks the storage it points to. 373| fprintf(stderr, "failed to open " XINETDDIR ": %s\n", 374| strerror(errno)); 375|-> return 2; 376| } 377| Error: RESOURCE_LEAK (CWE-772): [#def3] [important] chkconfig-1.26/ntsysv.c:393:17: alloc_fn: Storage is returned from allocation function "realloc". chkconfig-1.26/ntsysv.c:393:17: var_assign: Assigning: "services" = storage returned from "realloc(services, numServicesAlloced * 88UL)". chkconfig-1.26/ntsysv.c:397:13: noescape: Resource "services + numServices" is not freed or pointed-to in "readXinetdServiceInfo". chkconfig-1.26/ntsysv.c:403:17: leaked_storage: Variable "services" going out of scope leaks the storage it points to. 401| ent->d_name, strerror(errno)); 402| closedir(dir); 403|-> return 2; 404| } else if (!rc) 405| numServices++; Error: RESOURCE_LEAK (CWE-772): [#def4] [important] chkconfig-1.26/ntsysv.c:372:9: alloc_fn: Storage is returned from allocation function "opendir". chkconfig-1.26/ntsysv.c:372:9: var_assign: Assigning: "dir" = storage returned from "opendir("/etc/xinetd.d")". chkconfig-1.26/ntsysv.c:378:9: noescape: Resource "dir" is not freed or pointed-to in "readdir". chkconfig-1.26/ntsysv.c:422:5: leaked_storage: Variable "dir" going out of scope leaks the storage it points to. 420| *numServicesPtr = numServices; 421| 422|-> return 0; 423| } 424| Error: CPPCHECK_WARNING (CWE-401): [#def5] [important] chkconfig-1.26/ntsysv.c:321: error[memleak]: Memory leak: services 319| fprintf(stderr, "failed to open " RUNLEVELS "/init.d: %s\n", 320| strerror(errno)); 321|-> return 2; 322| } 323| --- ntsysv.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ntsysv.c b/ntsysv.c index 3ab9c57a..8164cd72 100644 --- a/ntsysv.c +++ b/ntsysv.c @@ -318,6 +318,7 @@ static int getServices(struct service **servicesPtr, int *numServicesPtr, if (!(dir = opendir(RUNLEVELS "/init.d"))) { fprintf(stderr, "failed to open " RUNLEVELS "/init.d: %s\n", strerror(errno)); + free(services); return 2; } @@ -372,6 +373,7 @@ static int getServices(struct service **servicesPtr, int *numServicesPtr, if (!(dir = opendir(XINETDDIR))) { fprintf(stderr, "failed to open " XINETDDIR ": %s\n", strerror(errno)); + freeServices(services, numServices); return 2; } @@ -400,6 +402,7 @@ static int getServices(struct service **servicesPtr, int *numServicesPtr, fprintf(stderr, _("error reading info for service %s: %s\n"), ent->d_name, strerror(errno)); closedir(dir); + freeServices(services, numServices); return 2; } else if (!rc) numServices++; @@ -408,8 +411,11 @@ static int getServices(struct service **servicesPtr, int *numServicesPtr, if (err) { fprintf(stderr, _("error reading from directory %s: %s\n"), XINETDDIR, strerror(err)); + freeServices(services, numServices); return 1; } + + closedir(dir); } getSystemdServices(&services, &numServices);