On Friday, June 21, 2019 7:34:12 AM EDT Tarun Ramesh wrote:
> Hi,
>
> In the function auparse_interpret_sock_parts() in auparse/auparse.c, for
> the line:
> const char *val = nvlist_interp_cur_val(r, au->escape_mode);
>
> I see that the function nvlist_interp_cur_val() eventually calls
> auparse_do_interpretation() which has the comment "Returns a malloc'ed
> buffer that the caller must free"
> The call path is:
> nvlist_interp_cur_val() -> interpret() -> auparse_do_interpretation()
>
> In auparse_interpret_sock_parts():
> const char *val = nvlist_interp_cur_val(r, au->escape_mode);
> is called and then the value of 'val' is overwritten by:
> val = strstr(tmp, field);
>
> The initial memory pointed to by 'val' is never freed, which might be a
> memory leak.
> Please let me know if I'm missing something.

nvlist_interp_cur_val() maintains custody of that chunk of memory and frees it
when the list is cleared. I have a testcase for this and valgrind is showing no
leaks.

-Steve

--
Linux-audit mailing list
https://www.redhat.com/mailman/listinfo/linux-audit
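
The custody arrangement described in the reply, sketched as an added example (not part of the original thread and not the audit project's code). The list type, list_interp_cur_val(), list_clear(), the live_allocs counter and the sample field value are hypothetical, constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical simplified model, not the real auparse nvlist code. */
typedef struct { const char *val; char *interp_val; } node;
typedef struct { node items[4]; unsigned cnt, cur; } list;
static int live_allocs;          /* interpretation buffers the list owns */

static int list_append(list *l, const char *raw)
{
    if (l->cnt >= 4) return -1;
    l->items[l->cnt++] = (node){ raw, NULL };
    return 0;
}

/* Returns a borrowed pointer; the list keeps custody, callers never free. */
static const char *list_interp_cur_val(list *l)
{
    node *n = &l->items[l->cur];
    if (n->interp_val == NULL) {         /* interpret once, then cache */
        size_t len = strlen(n->val) + sizeof("interp()");
        if ((n->interp_val = malloc(len)) == NULL) return NULL;
        snprintf(n->interp_val, len, "interp(%s)", n->val);
        live_allocs++;
    }
    return n->interp_val;
}

static void list_clear(list *l)      /* the one place buffers are freed */
{
    for (unsigned i = 0; i < l->cnt; i++) {
        live_allocs -= (l->items[i].interp_val != NULL);
        free(l->items[i].interp_val);
    }
    l->cnt = l->cur = 0;
}

/* Caller pattern from the thread: the local pointer is re-pointed with
 * strstr() and never freed. Returns buffers still live after the clear. */
static int caller_demo(void)
{
    list l = { .cnt = 0 };
    if (list_append(&l, "saddr=10.0.0.1") != 0) return -1;
    const char *val = list_interp_cur_val(&l);
    val = val ? strstr(val, "10.") : NULL;   /* alias moves; list still owns it */
    int found = (val != NULL);
    list_clear(&l);
    return found ? live_allocs : -1;
}
int main(void) { printf("live after clear: %d\n", caller_demo()); return 0; }
```

In this model, calling free(val) in the caller would be the real defect: after strstr() it is an interior pointer, and the buffer would be released again when the list is cleared.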
