From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.10) Gecko/20071128 Fedora/2.0.0.10-2.fc7 Firefox/2.0.0.10

Description of problem:
This bug was found during code review. In the push_fscreatecon function, I found 3 pieces of wrong code related to memory handling.

1. The genpath buffer passed to sprintf is 1 byte too small to hold the string formatted by sprintf. In the sprintf call, '/' is inserted. However, genpath is allocated by the following code:

       len = strlen(wd) + strlen(pathname) + 1;
       genpath = malloc(len);

   The + 1 is good, but it is for the '\0' C string terminator.

2. previous, a security_context_t type object, is not freed in some code paths. It is freed only if it points to NULL.

3. next, a security_context_t type object, is not freed in one code path. The else-clause for freeing it is missing.

See the patch for more detail.

Version-Release number of selected component (if applicable):
krb5-1.6.1-17.el5

How reproducible:
Couldn't Reproduce

Steps to Reproduce:
There is no obvious way to reproduce. Valgrind may help.

Actual Results:
Explained in the Description.

Expected Results:
1. The genpath buffer should have enough space to hold the formatted string.
2. previous should be freed if it is possible.
3. next should be freed.

Additional info:
See the attached patch.
Created attachment 294627: A patch for fixing the reported problem
*** This bug has been marked as a duplicate of 426085 ***
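
Item 1 of the report, worked through as an added example; this is not the krb5 source and not the attached patch. The names wd, pathname, genpath and len come from the report; the "%s/%s" format string, the helper names and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Size as computed in the report: wd + pathname + '\0', no room for '/'. */
static size_t reported_len(const char *wd, const char *pathname)
{
    return strlen(wd) + strlen(pathname) + 1;
}

/* Bytes by which "wd/pathname" exceeds reported_len(); measured with snprintf. */
static size_t overflow_bytes(const char *wd, const char *pathname)
{
    /* Assumed format string: the report only says that '/' is inserted. */
    int n = snprintf(NULL, 0, "%s/%s", wd, pathname); /* length without '\0' */
    size_t need = (n < 0) ? 0 : (size_t)n + 1;
    size_t have = reported_len(wd, pathname);
    return need > have ? need - have : 0;
}

/* Hypothetical helper: allocate room for the separator AND the terminator,
 * format with a bounded call, and treat truncation as an error.
 * Returns NULL on failure; the caller frees the result. */
static char *make_genpath(const char *wd, const char *pathname)
{
    size_t len = strlen(wd) + 1 /* '/' */ + strlen(pathname) + 1 /* '\0' */;
    char *genpath = malloc(len);
    int n;

    if (genpath == NULL)
        return NULL;
    n = snprintf(genpath, len, "%s/%s", wd, pathname);
    if (n < 0 || (size_t)n >= len) {  /* formatting error or truncation */
        free(genpath);
        return NULL;
    }
    return genpath;
}

int main(void)
{
    const char *wd = "/var/tmp";           /* constructed sample values */
    const char *pathname = "krb5cc_1000";
    char *p = make_genpath(wd, pathname);
    if (p == NULL)
        return 1;
    printf("%s (short by %zu byte with the reported size)\n",
           p, overflow_bytes(wd, pathname));
    free(p);
    return 0;
}
```

The shortfall is always exactly one byte, so the unbounded sprintf writes the terminating '\0' one byte past the end of the heap allocation, which is why Valgrind is a reasonable way to observe it.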