On Tue, Nov 28, 2017 at 5:45 PM, Seth Arnold <[email protected]> wrote: > Hello Matthew, thanks for this; I'll let John comment on the larger design > of the patch, I'll just nitpick one little piece: > > On Tue, Nov 28, 2017 at 04:08:15PM -0800, Matthew Garrett wrote: >> + kzfree(profile->xattrs); >> + kzfree(profile->xattr_lens); >> + kzfree(profile->xattr_values); >> kzfree(profile->dirname); >> aa_put_dfa(profile->xmatch); >> aa_put_dfa(profile->policy.dfa); > > profile->xattr_values is a vector of strings, but only the pointers are > cleaned up here, leaking all the xattr values themselves when the profile > is freed.
The strings in this case are pointers to the values in the loaded policy blob, I think? Eg, profile->attach is extracted with unpack_str() but not explicitly freed. -- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
