[apparmor] [PATCH v2 45/42] libapparmor: Don't leak memory after a realloc(3) failure

Tyler Hicks tyhicks at canonical.com
Tue Mar 24 22:06:37 UTC 2015 

realloc() returns NULL when it fails. Using the same pointer to specify
the buffer to reallocate *and* to store realloc()'s return value will
result in a leak of the previously allocated buffer upon error.

These issues were discovered by cppcheck.

Note that 'buffer' in write_policy_fd_to_iface() has the autofree
attribute so it must not be manually freed if the realloc(3) fails as
it'll be automatically freed.

Signed-off-by: Tyler Hicks <tyhicks at canonical.com>
---
 libraries/libapparmor/src/kernel.c           | 18 ++++++++++++++----
 libraries/libapparmor/src/kernel_interface.c |  6 ++++--
 2 files changed, 18 insertions(+), 6 deletions(-)

diff --git a/libraries/libapparmor/src/kernel.c b/libraries/libapparmor/src/kernel.c
index de856f7..9d5f45d 100644
--- a/libraries/libapparmor/src/kernel.c
+++ b/libraries/libapparmor/src/kernel.c
@@ -288,10 +288,15 @@ int aa_getprocattr(pid_t tid, const char *attr, char **label, char **mode)
 	}
 
 	do {
+		char *tmp;
+
 		size <<= 1;
-		buffer = realloc(buffer, size);
-		if (!buffer)
+		tmp = realloc(buffer, size);
+		if (!tmp) {
+			free(buffer);
 			return -1;
+		}
+		buffer = tmp;
 		memset(buffer, 0, size);
 
 		rc = aa_getprocattr_raw(tid, attr, buffer, size, mode);
@@ -645,10 +650,15 @@ int aa_getpeercon(int fd, char **label, char **mode)
 	}
 
 	do {
+		char *tmp;
+
 		last_size = size;
-		buffer = realloc(buffer, size);
-		if (!buffer)
+		tmp = realloc(buffer, size);
+		if (!tmp) {
+			free(buffer);
 			return -1;
+		}
+		buffer = tmp;
 		memset(buffer, 0, size);
 
 		rc = aa_getpeercon_raw(fd, buffer, &size, mode);
diff --git a/libraries/libapparmor/src/kernel_interface.c b/libraries/libapparmor/src/kernel_interface.c
index 24239ce..6ab20ea 100644
--- a/libraries/libapparmor/src/kernel_interface.c
+++ b/libraries/libapparmor/src/kernel_interface.c
@@ -159,13 +159,15 @@ static int write_policy_fd_to_iface(aa_kernel_interface *kernel_interface,
 
 	do {
 		if (asize - size == 0) {
-			buffer = realloc(buffer, chunksize);
+			char *tmp = realloc(buffer, chunksize);
+
 			asize = chunksize;
 			chunksize <<= 1;
-			if (!buffer) {
+			if (!tmp) {
 				errno = ENOMEM;
 				return -1;
 			}
+			buffer = tmp;
 		}
 
 		rsize = read(fd, buffer + size, asize - size);
-- 
2.1.4

More information about the AppArmor mailing list