Destroying the handle does not actually disconnect, see [1].
Also free the key on user removal.
[1]: https://github.com/SELinuxProject/selinux/blob/e9072e7d45f4559887d11b518099135cbe564163/libsemanage/src/direct_api.c#L330
Example adduser leak:
Direct leak of 1008 byte(s) in 14 object(s) allocated from:
#0 0x5638f2e782ae in __interceptor_malloc (./src/useradd+0xee2ae)
#1 0x7fb5cfffad09 in dbase_file_init src/database_file.c:170:45
Direct leak of 392 byte(s) in 7 object(s) allocated from:
#0 0x5638f2e782ae in __interceptor_malloc (./src/useradd+0xee2ae)
#1 0x7fb5cfffc929 in dbase_policydb_init src/database_policydb.c:187:27
Direct leak of 144 byte(s) in 2 object(s) allocated from:
#0 0x5638f2e782ae in __interceptor_malloc (./src/useradd+0xee2ae)
#1 0x7fb5cfffb519 in dbase_join_init src/database_join.c:249:28
[...]
return handle;
fail:
+ if (handle)
+ semanage_disconnect (handle);
semanage_handle_destroy (handle);
return NULL;
}
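Review bot: The `fail:` label now calls `semanage_disconnect (handle)` whenever the handle is non-NULL, so a `goto fail` taken after the handle is created but before the connect succeeds would disconnect a handle that was never connected. The function body starts outside this hunk, so whether such a path exists cannot be seen here. libsemanage's disconnect appears to assert on state that is only populated during connect, which could abort an assert-enabled build instead of returning NULL; confirm against the library version in use. Gating on connection state sidesteps the question: `if (handle && semanage_is_connected (handle) > 0)`. The disconnect's return value is also discarded here and at both `done:` labels further down; logging a failure there would make cleanup problems visible.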
static int semanage_user_add (semanage_handle_t *handle,
- semanage_seuser_key_t *key,
+ const semanage_seuser_key_t *key,
const char *login_name,
const char *seuser_name,
const char *serange)
done:
semanage_seuser_key_free (key);
+ if (handle)
+ semanage_disconnect (handle);
semanage_handle_destroy (handle);
return ret;
}
ret = 0;
done:
+ semanage_seuser_key_free (key);
+ if (handle)
+ semanage_disconnect (handle);
semanage_handle_destroy (handle);
return ret;
}
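Review bot: `semanage_seuser_key_free (key)` now runs on every path through this `done:` label, including exits taken before the key has been created. The declaration of `key` is outside the hunk, so confirm it is initialised, e.g. `semanage_seuser_key_t *key = NULL;`, since an early `goto done` would otherwise free an indeterminate pointer. The same check applies to the pre-existing free at the earlier `done:` label, where the disconnect was added next to it.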