bug#79780: Resource leak in change_file_context() in src/chcon.c (coreutils Latest)

Ray steven Sat, 08 Nov 2025 07:19:33 -0800

> tag 79780 notabug
> close 79780
> stop
>
> details below...
>
> On 07/11/2025 10:28, Ray steven wrote:
> > Subject: [BUG] Resource leak in change_file_context() in src/chcon.c
> > (coreutils 9.x)
> >
> > Hello Coreutils maintainers,
> >
> > I discovered a potential resource leak at lines 170-171 in the function
> > `change_file_context()` in `src/chcon.c`.
> >
> > Bug Summary
> > ------------
> > A resource leak occurs when `specified_context` is NULL and
> > `compute_context_from_mask()` fails. In this error path, the previously
> > obtained `file_context` (via `getfileconat()` or `lgetfileconat()`) is
not
> > released, resulting in a memory leak. According to the official
> > documentation, the caller must use `freecon()` to manually release the
> > memory returned by `getfileconat()` or `lgetfileconat()`.
> >
> > Suggested Fix
> > -------------
> > Call `freecon(file_context);` before returning when
> > `compute_context_from_mask()` fails. For example:
> >
> >      if (compute_context_from_mask(file_context, &context) != 0)
> >      {
> >          freecon(file_context);
> >          return 1;
> >      }
>
> compute_context_from_mask() will do the free upon failure,
> so there is no need for the explicit freecon() in this case.


 The compute_context_from_mask() function only frees the copied context
created by
 context_new (new_context), but does not free the original context passed
in.
 This may cause a memory leak.

 Thanks,
 CheckScope

On Fri, Nov 7, 2025 at 11:55 PM Pádraig Brady <[email protected]> wrote:

> tag 79780 notabug
> close 79780
> stop
>
> details below...
>
> On 07/11/2025 10:28, Ray steven wrote:
> > Subject: [BUG] Resource leak in change_file_context() in src/chcon.c
> > (coreutils 9.x)
> >
> > Hello Coreutils maintainers,
> >
> > I discovered a potential resource leak at lines 170-171 in the function
> > `change_file_context()` in `src/chcon.c`.
> >
> > Bug Summary
> > ------------
> > A resource leak occurs when `specified_context` is NULL and
> > `compute_context_from_mask()` fails. In this error path, the previously
> > obtained `file_context` (via `getfileconat()` or `lgetfileconat()`) is
> not
> > released, resulting in a memory leak. According to the official
> > documentation, the caller must use `freecon()` to manually release the
> > memory returned by `getfileconat()` or `lgetfileconat()`.
> >
> > Suggested Fix
> > -------------
> > Call `freecon(file_context);` before returning when
> > `compute_context_from_mask()` fails. For example:
> >
> >      if (compute_context_from_mask(file_context, &context) != 0)
> >      {
> >          freecon(file_context);
> >          return 1;
> >      }
>
> compute_context_from_mask() will do the free upon failure,
> so there is no need for the explicit freecon() in this case.
>
> thanks,
> Padraig
>

bug#79780: Resource leak in change_file_context() in src/chcon.c (coreutils Latest)

Reply via email to