From faa98ca6d343586fefac9d6f011efc6a8032dcad Mon Sep 17 00:00:00 2001
From: Alexander Kuznetsov <kuznetsovam@altlinux.org>
Date: Tue, 15 Apr 2025 14:48:38 +0300
Subject: [PATCH] nss: Fix memory leak in findLease()
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

path is allocated by asprintf() and must be freed later if realloc() fails.

Restructure the code to allocate path only after realloc() succeeds,
avoiding the need for an extra free().

Found by Linux Verification Center (linuxtesting.org) with Svace.

Reported-by: Dmitry Fedin <d.fedin@fobos-nt.ru>
Signed-off-by: Alexander Kuznetsov <kuznetsovam@altlinux.org>
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
---
 tools/nss/libvirt_nss.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/tools/nss/libvirt_nss.c b/tools/nss/libvirt_nss.c
index d79a00a1b0..3d634b5ae8 100644
--- a/tools/nss/libvirt_nss.c
+++ b/tools/nss/libvirt_nss.c
@@ -137,13 +137,15 @@ findLease(const char *name,
 
         if (dlen >= 7 && !strcmp(entry->d_name + dlen - 7, ".status")) {
             char **tmpLease;
-            if (asprintf(&path, "%s/%s", leaseDir, entry->d_name) < 0)
-                goto cleanup;
 
             tmpLease = realloc(leaseFiles, sizeof(char *) * (nleaseFiles + 1));
             if (!tmpLease)
                 goto cleanup;
             leaseFiles = tmpLease;
+
+            if (asprintf(&path, "%s/%s", leaseDir, entry->d_name) < 0)
+                goto cleanup;
+
             leaseFiles[nleaseFiles++] = path;
 #if defined(LIBVIRT_NSS_GUEST)
         } else if (dlen >= 5 && !strcmp(entry->d_name + dlen - 5, ".macs")) {
-- 
2.47.3