There is a minor leak in ls. ls -l would leak one malloc'd string for each non-empty dirname specified on the command line, assuming you're using a system with SELinux enabled.
Here's the patch: >From ac2840d9822bc7a631ee8bb38fe75a6199e05826 Mon Sep 17 00:00:00 2001 From: Jim Meyering <[email protected]> Date: Tue, 8 Nov 2011 19:03:39 +0100 Subject: [PATCH] ls: plug a leak Using ls -l on an SELinux-enabled system would leak one SELinux context string per non-empty-directory command-line argument. * src/ls.c (free_ent): New function, factored out of... (clear_files): ...here. Use it. (extract_dirs_from_files): Call free_ent (f), rather than simply free (f->name). The latter failed to free the possibly-malloc'd linkname and scontext members, and thus could leak one of those strings per command-line argument. * THANKS.in: Update. * NEWS (Bug fixes): Mention it. Reported by Juraj Marko in http://bugzilla.redhat.com/751974. --- NEWS | 4 ++++ THANKS.in | 1 + src/ls.c | 17 +++++++++++------ 3 files changed, 16 insertions(+), 6 deletions(-) diff --git a/NEWS b/NEWS index 081989d..affcaad 100644 --- a/NEWS +++ b/NEWS @@ -4,6 +4,10 @@ GNU coreutils NEWS -*- outline -*- ** Bug fixes + ls -l would leak a little memory (security context string) for each + nonempty directory listed on the command line, when using SELinux. + [bug probably introduced in coreutils-6.10 with SELinux support] + rm -rf DIR would fail with "Device or resource busy" on Cygwin with NWFS and NcFsd file systems. This did not affect Unix/Linux-based kernels. [bug introduced in coreutils-8.0, when rm began using fts] diff --git a/THANKS.in b/THANKS.in index 83a7864..ccdbc84 100644 --- a/THANKS.in +++ b/THANKS.in @@ -311,6 +311,7 @@ Juan M. Guerrero [email protected] Julian Bradfield [email protected] Jungshik Shin [email protected] Jürgen Fluk [email protected] +Juraj Marko [email protected] Jurriaan [email protected] Justin Pryzby [email protected] jvogel [email protected] diff --git a/src/ls.c b/src/ls.c index 1b0c250..0b8f512 100644 --- a/src/ls.c +++ b/src/ls.c @@ -2702,8 +2702,16 @@ has_capability (char const *name ATTRIBUTE_UNUSED) /* Enter and remove entries in the table `cwd_file'. */ -/* Empty the table of files. */ +static void +free_ent (struct fileinfo *f) +{ + free (f->name); + free (f->linkname); + if (f->scontext != UNKNOWN_SECURITY_CONTEXT) + freecon (f->scontext); +} +/* Empty the table of files. */ static void clear_files (void) { @@ -2712,10 +2720,7 @@ clear_files (void) for (i = 0; i < cwd_n_used; i++) { struct fileinfo *f = sorted_file[i]; - free (f->name); - free (f->linkname); - if (f->scontext != UNKNOWN_SECURITY_CONTEXT) - freecon (f->scontext); + free_ent (f); } cwd_n_used = 0; @@ -3150,7 +3155,7 @@ extract_dirs_from_files (char const *dirname, bool command_line_arg) free (name); } if (f->filetype == arg_directory) - free (f->name); + free_ent (f); } } -- 1.7.8.rc0.46.g5ae0f
