On Mon, Apr 14, 2025 at 15:06:09 +0300, Alexander Kuznetsov wrote:
path is allocated by asprintf() and must be freed later if realloc() fails or at
the end of each while() iteration
Move the free() call out of LIBVIRT_NSS_GUEST macro and add another one if
realloc() fails
Found by Linux Verification Center (linuxtesting.org) with Svace.
Reported-by: Dmitry Fedin <d.fedin(a)fobos-nt.ru>
Signed-off-by: Alexander Kuznetsov <kuznetsovam(a)altlinux.org>
---
tools/nss/libvirt_nss.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c
index d79a00a1b0..190cc7a3dd 100644
--- a/tools/nss/libvirt_nss.c
+++ b/tools/nss/libvirt_nss.c
@@ -141,8 +141,11 @@ findLease(const char *name,
goto cleanup;
tmpLease = realloc(leaseFiles, sizeof(char *) * (nleaseFiles + 1));
- if (!tmpLease)
+ if (!tmpLease) {
+ free(path);
goto cleanup;
+ }
This potential leak can also be addressed by rearranging the code so
that the array is realloc'd first and the path is formatted just after
the realloc.
Since the freeing of members in 'leaseFiles' is done based on
'nleaseFiles' it's safe to do even without clearing the new extra
memory.
This way no 'free' is needed.
+
leaseFiles = tmpLease;
leaseFiles[nleaseFiles++] = path;
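Review bot: The ownership of path after `leaseFiles[nleaseFiles++] = path;` needs checking against the other half of this change. The new `free(path)` in the `if (!tmpLease)` branch covers the realloc() failure, but once the pointer is stored in leaseFiles it is owned by that array, which is freed member by member based on nleaseFiles. The commit message says the free() moved out of LIBVIRT_NSS_GUEST now runs at the end of each while() iteration; that part is not in the lines shown here, so confirm it cannot run on a path that was stored, for example by setting path to NULL right after the assignment. Otherwise leaseFiles holds a dangling pointer that is freed a second time at cleanup.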