Re: [PATCH] nss: Fix memory leak in findLease
On Mon, Apr 14, 2025 at 15:06:09 +0300, Alexander Kuznetsov wrote:
path is allocated by asprintf() and must be freed later if realloc()
fails or at
the end of each while() iteration
Move the free() call out of LIBVIRT_NSS_GUEST macro and add another one if
realloc() fails
Found by Linux Verification Center (linuxtesting.org) with Svace.
Reported-by: Dmitry Fedin <d.fedin(a)fobos-nt.ru>
Signed-off-by: Alexander Kuznetsov <kuznetsovam(a)altlinux.org>
---
tools/nss/libvirt_nss.c | 7 +++++--
1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c
index d79a00a1b0..190cc7a3dd 100644
--- a/tools/nss/libvirt_nss.c
+++ b/tools/nss/libvirt_nss.c
@@ -141,8 +141,11 @@ findLease(const char *name,
goto cleanup;
tmpLease = realloc(leaseFiles, sizeof(char *) * (nleaseFiles + 1));
- if (!tmpLease)
+ if (!tmpLease) {
+ free(path);
goto cleanup;
+ }
+
leaseFiles = tmpLease;
leaseFiles[nleaseFiles++] = path;
The path is added to the array ...
#if defined(LIBVIRT_NSS_GUEST)
@@ -155,8 +158,8 @@ findLease(const char *name,
free(path);
goto cleanup;
}
- free(path);
#endif /* LIBVIRT_NSS_GUEST */
So if you move this after the definition check, and the definition is not defined ...
+ free(path);
... this free will become part of the upper block and free the path
filled into the array.
}
errno = 0;
--
2.42.4