From 8f15d94a21cbc6886bdf2474e6e1bb507cab1149 Mon Sep 17 00:00:00 2001 From: Maks Mishin Date: Thu, 10 Oct 2024 20:23:49 +0300 Subject: [PATCH] sys-utils: (setpriv): fix potential memory leak Dynamic memory, referenced by 'buf' is allocated by calling function 'xstrdup' add then changed by calling of strsep function. The free(buf) call is incorrect if buf != NULL, and points to some place inside or outside the source string. Reference:https://github.com/util-linux/util-linux/commit/8f15d94a21cbc6886bdf2474e6e1bb507cab1149 Conflict:NA --- sys-utils/setpriv.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys-utils/setpriv.c b/sys-utils/setpriv.c index bd188e4d..5899552d 100644 --- a/sys-utils/setpriv.c +++ b/sys-utils/setpriv.c @@ -578,6 +578,7 @@ static void do_caps(enum cap_type type, const char *caps) static void parse_securebits(struct privctx *opts, const char *arg) { char *buf = xstrdup(arg); + char *source_buf = buf; char *c; opts->have_securebits = 1; @@ -631,7 +632,7 @@ static void parse_securebits(struct privctx *opts, const char *arg) opts->securebits |= SECBIT_KEEP_CAPS; /* We need it, and it's reset on exec */ - free(buf); + free(source_buf); } static void do_selinux_label(const char *label) -- 2.33.0