Hi, In the function auparse_interpret_sock_parts() in auparse/auparse.c, for the line: const char *val = nvlist_interp_cur_val(r, au->escape_mode);
I see that the function nvlist_interp_cur_val() eventually calls auparse_do_interpretation() which has the comment "Returns a malloc'ed buffer that the caller must free" The call path is: nvlist_interp_cur_val() -> interpret() -> auparse_do_interpretation() In auparse_interpret_sock_parts(): const char *val = nvlist_interp_cur_val(r, au->escape_mode); is called and then the value of 'val' is overwritten by: val = strstr(tmp, field); The initial memory pointed to by 'val' is never freed, which might be a memory leak. Please let me know if I;m missing something. Thanks, Tarun
-- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
