selinux.vger.kernel.org archive mirror
* Re: Coverity: filename_trans_read_one(): Resource leaks
       [not found] <202004130917.435ED43FDB@keescook>
@ 2020-04-13 17:48 ` Ondrej Mosnacek
  0 siblings, 0 replies; only message in thread
From: Ondrej Mosnacek @ 2020-04-13 17:48 UTC (permalink / raw)
  To: coverity-bot
  Cc: Stephen Smalley, Paul Moore, Gustavo A. R. Silva, linux-next,
	SElinux list

On Mon, Apr 13, 2020 at 6:18 PM coverity-bot <keescook@chromium.org> wrote:
> Hello!
>
> This is an experimental automated report about issues detected by Coverity
> from a scan of next-20200413 as part of the linux-next weekly scan project:
> https://scan.coverity.com/projects/linux-next-weekly-scan
>
> You're getting this email because you were associated with the identified
> lines of code (noted below) that were touched by commits:
>
>   Tue Feb 18 12:27:34 2020 +0100
>     c3a276111ea2 ("selinux: optimize storage of filename transitions")
>
> Coverity reported the following:
>
> *** CID 1461665:  Resource leaks  (RESOURCE_LEAK)
> /security/selinux/ss/policydb.c: 1862 in filename_trans_read_one()
> 1856                    return rc;
> 1857            len = le32_to_cpu(buf[0]);
> 1858
> 1859            /* path component string */
> 1860            rc = str_read(&name, GFP_KERNEL, fp, len);
> 1861            if (rc)
> vvv     CID 1461665:  Resource leaks  (RESOURCE_LEAK)
> vvv     Variable "name" going out of scope leaks the storage it points to.
> 1862                    return rc;
> 1863
> 1864            rc = next_entry(buf, fp, sizeof(u32) * 4);
> 1865            if (rc)
> 1866                    goto out;
> 1867

Right, I missed the fact that str_read() may give us back an allocated
pointer even if it returns an error. I'll send a fix probably
tomorrow. And I plan to have a look at refactoring the function so it
cleans up upon error on its own (+ updating the caller accordingly).
Its current interface just begs for trouble...

Thank you for running the bot, Kees! It's cool :)

>
> If this is a false positive, please let us know so we can mark it as
> such, or teach the Coverity rules to be smarter. If not, please make
> sure fixes get into linux-next. :) For patches fixing this, please
> include these lines (but double-check the "Fixes" first):
>
> Reported-by: coverity-bot <keescook+coverity-bot@chromium.org>
> Addresses-Coverity-ID: 1461665 ("Resource leaks")
> Fixes: c3a276111ea2 ("selinux: optimize storage of filename transitions")
>
> Thanks for your attention!
>
> --
> Coverity-bot
>

-- 
Ondrej Mosnacek <omosnace at redhat dot com>
Software Engineer, Security Technologies
Red Hat, Inc.
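
An added example, not part of the original message and not kernel code: a userspace C model of the leak Coverity flagged, next to a caller that frees on the error path. `str_read_model`, `src_read`, `xalloc`/`xfree`, `live_allocs` and both `read_one_*` functions are hypothetical names; the model assumes only what the reply states, that the string reader can hand back an allocated pointer while returning an error.

```c
#include <stdlib.h>
#include <string.h>

static int live_allocs; /* outstanding buffers; makes a leak observable */
static void *xalloc(size_t n) { void *p = malloc(n); if (p) live_allocs++; return p; }
static void xfree(void *p) { if (p) { live_allocs--; free(p); } }

/* Constructed input source standing in for the policy file reader. */
struct src { const char *data; size_t avail; };

static int src_read(struct src *s, void *dst, size_t len)
{
	if (len > s->avail)
		return -1; /* truncated input */
	memcpy(dst, s->data, len);
	s->data += len; s->avail -= len;
	return 0;
}

/* Models the interface described in the reply: *strp is set before the
 * read, so the caller owns the buffer even when an error is returned. */
static int str_read_model(char **strp, struct src *s, size_t len)
{
	char *str = xalloc(len + 1);
	if (!str)
		return -1;
	*strp = str;
	if (src_read(s, str, len))
		return -1;
	str[len] = '\0';
	return 0;
}

/* Early return, same shape as the flagged line: leaks on a failed read. */
static int read_one_leaky(struct src *s, size_t len)
{
	char *name = NULL;
	int rc = str_read_model(&name, s, len);
	if (rc)
		return rc; /* name may still point at an allocation here */
	xfree(name);
	return 0;
}

/* Frees name on every path; xfree() tolerates NULL. */
static int read_one_fixed(struct src *s, size_t len)
{
	char *name = NULL;
	int rc = str_read_model(&name, s, len);
	xfree(name);
	return rc;
}
```

Feeding both callers an input shorter than the declared length leaves `live_allocs` at 1 for the leaky version and at 0 for the fixed one.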

