libsepol: do not leak memory when an error occurs

name_list_to_string() and constraint_expr_to_string() both define an exit label to clean-up dynamically-allocated memory when an error occurs, but they miss some variables. Free the missing ones too. This issue has been found using clang's static analyzer. Signed-off-by: Nicolas Iooss <[email protected]>
Pirabarlen-Cheenaramen · Apr 12, 2017 · d88657b · d88657b
1 parent 8ccd0db
commit d88657b
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/libsepol/src/module_to_cil.c b/libsepol/src/module_to_cil.c
@@ -1153,6 +1153,7 @@ static int name_list_to_string(char **names, int num_names, char **string)
 
 	return 0;
 exit:
+	free(str);
 	return rc;
 }
 
@@ -1697,7 +1698,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp
 	const char *fmt_str;
 	const char *attr1;
 	const char *attr2;
-	char *names;
+	char *names = NULL;
 	char **name_list = NULL;
 	int num_names = 0;
 	struct type_set *ts;
@@ -1798,6 +1799,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp
 
 				names_destroy(&name_list, &num_names);
 				free(names);
+				names = NULL;
 			}
 
 			num_params = 0;
@@ -1887,6 +1889,7 @@ static int constraint_expr_to_string(struct policydb *pdb, struct constraint_exp
 
 exit:
 	names_destroy(&name_list, &num_names);
+	free(names);
 
 	free(new_val);
 	free(val1);