[apparmor] [RFC] Apparmor: Add support for attaching profiles via xattr presence and value

Matthew Garrett mjg59 at google.com
Fri Dec 8 22:11:41 UTC 2017


On Fri, Dec 8, 2017 at 2:06 PM, Matthew Garrett <mjg59 at google.com> wrote:
> On Tue, Nov 28, 2017 at 5:45 PM, Seth Arnold <seth.arnold at canonical.com> wrote:
>> Hello Matthew, thanks for this; I'll let John comment on the larger design
>> of the patch, I'll just nitpick one little piece:
>>
>> On Tue, Nov 28, 2017 at 04:08:15PM -0800, Matthew Garrett wrote:
>>> +     kzfree(profile->xattrs);
>>> +     kzfree(profile->xattr_lens);
>>> +     kzfree(profile->xattr_values);
>>>       kzfree(profile->dirname);
>>>       aa_put_dfa(profile->xmatch);
>>>       aa_put_dfa(profile->policy.dfa);
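Review bot: kzfree(profile->xattr_values) releases only the pointer array, so the ownership of the strings it points to should be made explicit at this point in the free path. If each value is its own allocation, the elements need to be freed before the array, which requires an element count kept alongside it. If they point into memory owned elsewhere, a short comment here or at the field declaration saying so would guard against a later change introducing a double free or a use-after-free. The same question applies to profile->xattrs if it is also an array of strings.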
>>
>> profile->xattr_values is a vector of strings, but only the pointers are
>> cleaned up here, leaking all the xattr values themselves when the profile
>> is freed.
>
> The strings in this case are pointers to the values in the loaded
> policy blob, I think? Eg, profile->attach is extracted with
> unpack_str() but not explicitly freed.

To clarify, if I should be freeing stuff here then I think there's
another bug in that I'm not copying it first :)


