diff options
| author | Kevin Darbyshire-Bryant | 2020-02-11 09:07:00 +0000 |
|---|---|---|
| committer | Kevin Darbyshire-Bryant | 2020-02-11 09:07:04 +0000 |
| commit | c30b23e3657a2838a99daa8bd2d16909c027a261 (patch) | |
| tree | 407a5892b3ac259b3c77a4142a99c45c1951dd39 | |
| parent | bcb86554f1b454531e79dac82fcb0463d125f2fb (diff) | |
| download | procd-c30b23e3657a2838a99daa8bd2d16909c027a261.tar.gz | |
seccomp: fix resource leak
Fix coverity reported resource leaks:
CID 1446217: (RESOURCE_LEAK)
Variable "filter" going out of scope leaks the storage it points to.
Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
| -rw-r--r-- | jail/seccomp.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/jail/seccomp.c b/jail/seccomp.c index fae08f9..a00250c 100644 --- a/jail/seccomp.c +++ b/jail/seccomp.c @@ -126,7 +126,7 @@ int install_syscall_filter(const char *argv, const char *file) if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) { ERROR("%s: prctl(PR_SET_NO_NEW_PRIVS) failed: %m\n", argv); - return errno; + goto errout; } prog.len = (unsigned short) idx + 1; @@ -134,7 +134,11 @@ int install_syscall_filter(const char *argv, const char *file) if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) { ERROR("%s: prctl(PR_SET_SECCOMP) failed: %m\n", argv); - return errno; + goto errout; } return 0; + +errout: + free(filter); + return errno; } |