From f8245e96cd11756cce8f47ded4459f3c170cd2e3 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Tue, 8 Nov 2011 19:03:39 +0100
Subject: ls: plug a per-argument leak

Using ls -l on an SELinux-enabled system would leak one SELinux
context string per non-empty-directory command-line argument.
* src/ls.c (free_ent): New function, factored out of...
(clear_files): ...here.  Use it.
(extract_dirs_from_files): Call free_ent (f), rather than simply
free (f->name).  The latter failed to free the possibly-malloc'd
linkname and scontext members, and thus could leak one of those
strings per command-line argument.
* THANKS.in: Update.
* NEWS (Bug fixes): Mention it.
Reported by Juraj Marko in http://bugzilla.redhat.com/751974.
---
 NEWS | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'NEWS')

diff --git a/NEWS b/NEWS
index 1b0f2f5e9..de3888ddb 100644
--- a/NEWS
+++ b/NEWS
@@ -11,6 +11,10 @@ GNU coreutils NEWS                                    -*- outline -*-
   --block-size=1KiB, a new long option --kibibyte stands for -k.
   [bug introduced in coreutils-4.5.4]
 
+  ls -l would leak a little memory (security context string) for each
+  nonempty directory listed on the command line, when using SELinux.
+  [bug probably introduced in coreutils-6.10 with SELinux support]
+
   rm -rf DIR would fail with "Device or resource busy" on Cygwin with NWFS
   and NcFsd file systems.  This did not affect Unix/Linux-based kernels.
   [bug introduced in coreutils-8.0, when rm began using fts]
-- 
cgit v1.2.3-70-g09d2