2003945 – RESOURCE_LEAK coverity scan defects

Bug 2003945 - RESOURCE_LEAK coverity scan defects

Summary: RESOURCE_LEAK coverity scan defects

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Enterprise Linux 9
Classification:	Red Hat
Component:	checkpolicy
Sub Component:
Version:	9.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	low
Severity:	unspecified
Target Milestone:	rc
Target Release:	---
Assignee:	Petr Lautrbach
QA Contact:	BaseOS QE Security Team
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2021-09-14 08:09 UTC by Petr Lautrbach
Modified:	2023-03-14 07:27 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed:	2023-03-14 07:27:57 UTC
Type:	Bug
Target Upstream Version:
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	RHELPLAN-97066	0	None	None	None	2021-09-14 08:10:05 UTC

Description Petr Lautrbach 2021-09-14 08:09:00 UTC

Description of problem:

see https://bugzilla.redhat.com/show_bug.cgi?id=1938690



checkpolicy-3.2-4.el9.1
List of Defects

Error: RESOURCE_LEAK (CWE-772): [#def1]
checkpolicy-3.2/policy_define.c:2417: alloc_arg: "avrule_ioctl_ranges" allocates memory that is stored into "rangelist".
checkpolicy-3.2/policy_define.c:2421: noescape: Resource "rangelist" is not freed or pointed-to in "avrule_ioctl_completedriver".
checkpolicy-3.2/policy_define.c:2422: leaked_storage: Variable "rangelist" going out of scope leaks the storage it points to.
# 2420|   	/* create rule for ioctl driver types that are entirely enabled */
# 2421|   	if (avrule_ioctl_completedriver(rangelist, &complete_driver))
# 2422|-> 		return -1;
# 2423|   	if (complete_driver) {
# 2424|   		avrule = (avrule_t *) calloc(1, sizeof(avrule_t));

Error: RESOURCE_LEAK (CWE-772): [#def2]
checkpolicy-3.2/policy_define.c:2421: alloc_arg: "avrule_ioctl_completedriver" allocates memory that is stored into "complete_driver".
checkpolicy-3.2/policy_define.c:2427: leaked_storage: Variable "complete_driver" going out of scope leaks the storage it points to.
# 2425|   		if (!avrule) {
# 2426|   			yyerror("out of memory");
# 2427|-> 			return -1;
# 2428|   		}
# 2429|   		if (avrule_cpy(avrule, avrule_template))

Error: RESOURCE_LEAK (CWE-772): [#def3]
checkpolicy-3.2/policy_define.c:2417: alloc_arg: "avrule_ioctl_ranges" allocates memory that is stored into "rangelist".
checkpolicy-3.2/policy_define.c:2421: noescape: Resource "rangelist" is not freed or pointed-to in "avrule_ioctl_completedriver".
checkpolicy-3.2/policy_define.c:2427: leaked_storage: Variable "rangelist" going out of scope leaks the storage it points to.
# 2425|   		if (!avrule) {
# 2426|   			yyerror("out of memory");
# 2427|-> 			return -1;
# 2428|   		}
# 2429|   		if (avrule_cpy(avrule, avrule_template))

Error: RESOURCE_LEAK (CWE-772): [#def4]
checkpolicy-3.2/policy_define.c:2421: alloc_arg: "avrule_ioctl_completedriver" allocates memory that is stored into "complete_driver".
checkpolicy-3.2/policy_define.c:2430: leaked_storage: Variable "complete_driver" going out of scope leaks the storage it points to.
# 2428|   		}
# 2429|   		if (avrule_cpy(avrule, avrule_template))
# 2430|-> 			return -1;
# 2431|   		avrule->xperms = complete_driver;
# 2432|   		append_avrule(avrule);

Error: RESOURCE_LEAK (CWE-772): [#def5]
checkpolicy-3.2/policy_define.c:2417: alloc_arg: "avrule_ioctl_ranges" allocates memory that is stored into "rangelist".
checkpolicy-3.2/policy_define.c:2421: noescape: Resource "rangelist" is not freed or pointed-to in "avrule_ioctl_completedriver".
checkpolicy-3.2/policy_define.c:2430: leaked_storage: Variable "rangelist" going out of scope leaks the storage it points to.
# 2428|   		}
# 2429|   		if (avrule_cpy(avrule, avrule_template))
# 2430|-> 			return -1;
# 2431|   		avrule->xperms = complete_driver;
# 2432|   		append_avrule(avrule);

Error: RESOURCE_LEAK (CWE-772): [#def6]
checkpolicy-3.2/policy_define.c:2417: alloc_arg: "avrule_ioctl_ranges" allocates memory that is stored into "rangelist".
checkpolicy-3.2/policy_define.c:2421: noescape: Resource "rangelist" is not freed or pointed-to in "avrule_ioctl_completedriver".
checkpolicy-3.2/policy_define.c:2436: noescape: Resource "rangelist" is not freed or pointed-to in "avrule_ioctl_partialdriver".
checkpolicy-3.2/policy_define.c:2437: leaked_storage: Variable "rangelist" going out of scope leaks the storage it points to.
# 2435|   	/* flag ioctl driver codes that are partially enabled */
# 2436|   	if (avrule_ioctl_partialdriver(rangelist, complete_driver, &partial_driver))
# 2437|-> 		return -1;
# 2438|   
# 2439|   	if (!partial_driver || !avrule_xperms_used(partial_driver))

Error: RESOURCE_LEAK (CWE-772): [#def7]
checkpolicy-3.2/policy_define.c:2436: alloc_arg: "avrule_ioctl_partialdriver" allocates memory that is stored into "partial_driver".
checkpolicy-3.2/policy_define.c:2439: noescape: Resource "partial_driver" is not freed or pointed-to in "avrule_xperms_used".
checkpolicy-3.2/policy_define.c:2448: noescape: Resource "partial_driver" is not freed or pointed-to in "xperms_for_each_bit".
checkpolicy-3.2/policy_define.c:2450: leaked_storage: Variable "partial_driver" going out of scope leaks the storage it points to.
# 2448|   	while (xperms_for_each_bit(&i, partial_driver)) {
# 2449|   		if (avrule_ioctl_func(rangelist, &xperms, i))
# 2450|-> 			return -1;
# 2451|   
# 2452|   		if (xperms) {

Error: RESOURCE_LEAK (CWE-772): [#def8]
checkpolicy-3.2/policy_define.c:2417: alloc_arg: "avrule_ioctl_ranges" allocates memory that is stored into "rangelist".
checkpolicy-3.2/policy_define.c:2421: noescape: Resource "rangelist" is not freed or pointed-to in "avrule_ioctl_completedriver".
checkpolicy-3.2/policy_define.c:2436: noescape: Resource "rangelist" is not freed or pointed-to in "avrule_ioctl_partialdriver".
checkpolicy-3.2/policy_define.c:2449: noescape: Resource "rangelist" is not freed or pointed-to in "avrule_ioctl_func".
checkpolicy-3.2/policy_define.c:2450: leaked_storage: Variable "rangelist" going out of scope leaks the storage it points to.
# 2448|   	while (xperms_for_each_bit(&i, partial_driver)) {
# 2449|   		if (avrule_ioctl_func(rangelist, &xperms, i))
# 2450|-> 			return -1;
# 2451|   
# 2452|   		if (xperms) {

Error: RESOURCE_LEAK (CWE-772): [#def9]
checkpolicy-3.2/policy_define.c:2436: alloc_arg: "avrule_ioctl_partialdriver" allocates memory that is stored into "partial_driver".
checkpolicy-3.2/policy_define.c:2439: noescape: Resource "partial_driver" is not freed or pointed-to in "avrule_xperms_used".
checkpolicy-3.2/policy_define.c:2448: noescape: Resource "partial_driver" is not freed or pointed-to in "xperms_for_each_bit".
checkpolicy-3.2/policy_define.c:2456: leaked_storage: Variable "partial_driver" going out of scope leaks the storage it points to.
# 2454|   			if (!avrule) {
# 2455|   				yyerror("out of memory");
# 2456|-> 				return -1;
# 2457|   			}
# 2458|   			if (avrule_cpy(avrule, avrule_template))

Error: RESOURCE_LEAK (CWE-772): [#def10]
checkpolicy-3.2/policy_define.c:2417: alloc_arg: "avrule_ioctl_ranges" allocates memory that is stored into "rangelist".
checkpolicy-3.2/policy_define.c:2421: noescape: Resource "rangelist" is not freed or pointed-to in "avrule_ioctl_completedriver".
checkpolicy-3.2/policy_define.c:2436: noescape: Resource "rangelist" is not freed or pointed-to in "avrule_ioctl_partialdriver".
checkpolicy-3.2/policy_define.c:2449: noescape: Resource "rangelist" is not freed or pointed-to in "avrule_ioctl_func".
checkpolicy-3.2/policy_define.c:2456: leaked_storage: Variable "rangelist" going out of scope leaks the storage it points to.
# 2454|   			if (!avrule) {
# 2455|   				yyerror("out of memory");
# 2456|-> 				return -1;
# 2457|   			}
# 2458|   			if (avrule_cpy(avrule, avrule_template))

Error: RESOURCE_LEAK (CWE-772): [#def11]
checkpolicy-3.2/policy_define.c:2449: alloc_arg: "avrule_ioctl_func" allocates memory that is stored into "xperms".
checkpolicy-3.2/policy_define.c:2456: leaked_storage: Variable "xperms" going out of scope leaks the storage it points to.
# 2454|   			if (!avrule) {
# 2455|   				yyerror("out of memory");
# 2456|-> 				return -1;
# 2457|   			}
# 2458|   			if (avrule_cpy(avrule, avrule_template))

Error: RESOURCE_LEAK (CWE-772): [#def12]
checkpolicy-3.2/policy_define.c:2436: alloc_arg: "avrule_ioctl_partialdriver" allocates memory that is stored into "partial_driver".
checkpolicy-3.2/policy_define.c:2439: noescape: Resource "partial_driver" is not freed or pointed-to in "avrule_xperms_used".
checkpolicy-3.2/policy_define.c:2448: noescape: Resource "partial_driver" is not freed or pointed-to in "xperms_for_each_bit".
checkpolicy-3.2/policy_define.c:2459: leaked_storage: Variable "partial_driver" going out of scope leaks the storage it points to.
# 2457|   			}
# 2458|   			if (avrule_cpy(avrule, avrule_template))
# 2459|-> 				return -1;
# 2460|   			avrule->xperms = xperms;
# 2461|   			append_avrule(avrule);

Error: RESOURCE_LEAK (CWE-772): [#def13]
checkpolicy-3.2/policy_define.c:2417: alloc_arg: "avrule_ioctl_ranges" allocates memory that is stored into "rangelist".
checkpolicy-3.2/policy_define.c:2421: noescape: Resource "rangelist" is not freed or pointed-to in "avrule_ioctl_completedriver".
checkpolicy-3.2/policy_define.c:2436: noescape: Resource "rangelist" is not freed or pointed-to in "avrule_ioctl_partialdriver".
checkpolicy-3.2/policy_define.c:2449: noescape: Resource "rangelist" is not freed or pointed-to in "avrule_ioctl_func".
checkpolicy-3.2/policy_define.c:2459: leaked_storage: Variable "rangelist" going out of scope leaks the storage it points to.
# 2457|   			}
# 2458|   			if (avrule_cpy(avrule, avrule_template))
# 2459|-> 				return -1;
# 2460|   			avrule->xperms = xperms;
# 2461|   			append_avrule(avrule);

Error: RESOURCE_LEAK (CWE-772): [#def14]
checkpolicy-3.2/policy_define.c:2449: alloc_arg: "avrule_ioctl_func" allocates memory that is stored into "xperms".
checkpolicy-3.2/policy_define.c:2459: leaked_storage: Variable "xperms" going out of scope leaks the storage it points to.
# 2457|   			}
# 2458|   			if (avrule_cpy(avrule, avrule_template))
# 2459|-> 				return -1;
# 2460|   			avrule->xperms = xperms;
# 2461|   			append_avrule(avrule);

Error: RESOURCE_LEAK (CWE-772): [#def15]
checkpolicy-3.2/policy_define.c:2417: alloc_arg: "avrule_ioctl_ranges" allocates memory that is stored into "rangelist".
checkpolicy-3.2/policy_define.c:2421: noescape: Resource "rangelist" is not freed or pointed-to in "avrule_ioctl_completedriver".
checkpolicy-3.2/policy_define.c:2436: noescape: Resource "rangelist" is not freed or pointed-to in "avrule_ioctl_partialdriver".
checkpolicy-3.2/policy_define.c:2469: leaked_storage: Variable "rangelist" going out of scope leaks the storage it points to.
# 2467|   		free(partial_driver);
# 2468|   
# 2469|-> 	return 0;
# 2470|   }
# 2471|

Comment 2 RHEL Program Management 2023-03-14 07:27:57 UTC

After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.

Note You need to log in before you can comment on or make changes to this bug.