summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJim Meyering <meyering@redhat.com>2011-11-08 19:03:39 +0100
committerJim Meyering <meyering@redhat.com>2011-11-12 10:22:55 +0100
commitf8245e96cd11756cce8f47ded4459f3c170cd2e3 (patch)
tree803b6469b73a34a8a91e70d60d3e8d3dab37bba5 /src
parent91a5badc7b8b96916147f28b1d094af98efa5aa7 (diff)
downloadcoreutils-f8245e96cd11756cce8f47ded4459f3c170cd2e3.tar.xz
ls: plug a per-argument leak
Using ls -l on an SELinux-enabled system would leak one SELinux context string per non-empty-directory command-line argument. * src/ls.c (free_ent): New function, factored out of... (clear_files): ...here. Use it. (extract_dirs_from_files): Call free_ent (f), rather than simply free (f->name). The latter failed to free the possibly-malloc'd linkname and scontext members, and thus could leak one of those strings per command-line argument. * THANKS.in: Update. * NEWS (Bug fixes): Mention it. Reported by Juraj Marko in http://bugzilla.redhat.com/751974.
Diffstat (limited to 'src')
-rw-r--r--src/ls.c17
1 files changed, 11 insertions, 6 deletions
diff --git a/src/ls.c b/src/ls.c
index b8a09b3df..96f7c987b 100644
--- a/src/ls.c
+++ b/src/ls.c
@@ -2715,8 +2715,16 @@ has_capability (char const *name ATTRIBUTE_UNUSED)
/* Enter and remove entries in the table `cwd_file'. */
-/* Empty the table of files. */
+static void
+free_ent (struct fileinfo *f)
+{
+ free (f->name);
+ free (f->linkname);
+ if (f->scontext != UNKNOWN_SECURITY_CONTEXT)
+ freecon (f->scontext);
+}
+/* Empty the table of files. */
static void
clear_files (void)
{
@@ -2725,10 +2733,7 @@ clear_files (void)
for (i = 0; i < cwd_n_used; i++)
{
struct fileinfo *f = sorted_file[i];
- free (f->name);
- free (f->linkname);
- if (f->scontext != UNKNOWN_SECURITY_CONTEXT)
- freecon (f->scontext);
+ free_ent (f);
}
cwd_n_used = 0;
@@ -3164,7 +3169,7 @@ extract_dirs_from_files (char const *dirname, bool command_line_arg)
free (name);
}
if (f->filetype == arg_directory)
- free (f->name);
+ free_ent (f);
}
}