From f8245e96cd11756cce8f47ded4459f3c170cd2e3 Mon Sep 17 00:00:00 2001
From: Jim Meyering <meyering@redhat.com>
Date: Tue, 8 Nov 2011 19:03:39 +0100
Subject: ls: plug a per-argument leak

Using ls -l on an SELinux-enabled system would leak one SELinux
context string per non-empty-directory command-line argument.
* src/ls.c (free_ent): New function, factored out of...
(clear_files): ...here.  Use it.
(extract_dirs_from_files): Call free_ent (f), rather than simply
free (f->name).  The latter failed to free the possibly-malloc'd
linkname and scontext members, and thus could leak one of those
strings per command-line argument.
* THANKS.in: Update.
* NEWS (Bug fixes): Mention it.
Reported by Juraj Marko in http://bugzilla.redhat.com/751974.
---
 src/ls.c | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

(limited to 'src')

diff --git a/src/ls.c b/src/ls.c
index b8a09b3df..96f7c987b 100644
--- a/src/ls.c
+++ b/src/ls.c
@@ -2715,8 +2715,16 @@ has_capability (char const *name ATTRIBUTE_UNUSED)
 
 /* Enter and remove entries in the table `cwd_file'.  */
 
-/* Empty the table of files.  */
+static void
+free_ent (struct fileinfo *f)
+{
+  free (f->name);
+  free (f->linkname);
+  if (f->scontext != UNKNOWN_SECURITY_CONTEXT)
+    freecon (f->scontext);
+}
 
+/* Empty the table of files.  */
 static void
 clear_files (void)
 {
@@ -2725,10 +2733,7 @@ clear_files (void)
   for (i = 0; i < cwd_n_used; i++)
     {
       struct fileinfo *f = sorted_file[i];
-      free (f->name);
-      free (f->linkname);
-      if (f->scontext != UNKNOWN_SECURITY_CONTEXT)
-        freecon (f->scontext);
+      free_ent (f);
     }
 
   cwd_n_used = 0;
@@ -3164,7 +3169,7 @@ extract_dirs_from_files (char const *dirname, bool command_line_arg)
               free (name);
             }
           if (f->filetype == arg_directory)
-            free (f->name);
+            free_ent (f);
         }
     }
 
-- 
cgit v1.2.3-70-g09d2