authorJim Meyering <meyering@redhat.com>2008-05-20 17:58:42 +0200
committerJim Meyering <meyering@redhat.com>2008-05-20 21:35:40 +0200
commit3ceabe1bfcb5c5fc5802d6c2b04918e3586dd989 (patch)
tree6c8400508aa2f41f77e2675161c0fa0f472bdad3
parent5e6a1837ea1d2f6670f132fb8661bb25b1b3693d (diff)
install: avoid a leak in currently-ifdef'd-out code
* src/install.c (setdefaultfilecon) [ENABLE_WHEN_MATCHPATHCON_IS_MORE_EFFICIENT]: Call matchpathcon_init_prefix only once. Suggestion from Stephen Smalley. Reported by Ben Webb in <http://bugzilla.redhat.com/447410>.
-rw-r--r--src/install.c11
1 files changed, 9 insertions, 2 deletions
diff --git a/src/install.c b/src/install.c
index 1d04373b1..13feb850e 100644
--- a/src/install.c
+++ b/src/install.c
@@ -208,6 +208,8 @@ setdefaultfilecon (char const *file)
{
struct stat st;
security_context_t scontext = NULL;
+ static bool first_call = true;
+
if (selinux_enabled != 1)
{
/* Indicate no context found. */
@@ -216,11 +218,15 @@ setdefaultfilecon (char const *file)
if (lstat (file, &st) != 0)
return;
- if (IS_ABSOLUTE_FILE_NAME (file))
+ if (first_call && IS_ABSOLUTE_FILE_NAME (file))
{
/* Calling matchpathcon_init_prefix (NULL, "/first_component/")
is an optimization to minimize the expense of the following
- matchpathcon call. */
+ matchpathcon call. Do it only once, just before the first
+ matchpathcon call. We *could* call matchpathcon_fini after
+ the final matchpathcon call, but that's not necessary, since
+ by then we're about to exit, and besides, the buffers it
+ would free are still reachable. */
char const *p0;
char const *p = file + 1;
while (ISSLASH (*p))
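Review bot: With the new `first_call` guard on the `if`, the prefix handed to matchpathcon_init_prefix comes from the first absolute FILE only, and every later matchpathcon call in the process reuses that state. If a later FILE lies under a different leading component, its lookup presumably runs against specs loaded for the wrong prefix and may return no context or a different one, leaving the installed file with whatever label it was created with. This depends on how libselinux treats the prefix and should be confirmed before the ifdef'd-out code is enabled. I would at least record the assumption in the comment, e.g. `All FILE arguments in one run are assumed to share the first one's leading component.`, or remember the prefix and skip the optimization when a later FILE does not match it. The function body begins and ends outside this hunk.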
@@ -247,6 +253,7 @@ setdefaultfilecon (char const *file)
}
}
}
+ first_call = false;
/* If there's an error determining the context, or it has none,
return to allow default context */
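Review bot: `first_call = false;` is cleared after the prefix block whether or not the block ran, so a relative first FILE turns the optimization off for any later absolute FILE. That looks intentional, since the matchpathcon call the comment refers to (outside this hunk) would by then have set up the database itself and a later matchpathcon_init_prefix would presumably reintroduce the leak, but nothing on the line says so. A one-line comment would make the intent explicit: `/* Clear unconditionally: once matchpathcon has run, another init would leak. */`.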