[libvirt] [PATCH 5/n] security: plug memory leak
Matthias Bolte
matthias.bolte at googlemail.com
Wed Nov 24 22:14:43 UTC 2010
2010/11/24 Eric Blake <eblake at redhat.com>:
> security_context_t happens to be a typedef for char*, and happens to
> begin with a string usable as a raw context string. But in reality,
> it is an opaque type that may or may not have additional information
> after the first NUL byte, where that additional information can
> include pointers that can only be freed via freecon().
>
> Proof is from this valgrind run of daemon/libvirtd:
>
> ==6028== 839,169 (40 direct, 839,129 indirect) bytes in 1 blocks are definitely lost in loss record 274 of 274
> ==6028== at 0x4A0515D: malloc (vg_replace_malloc.c:195)
> ==6028== by 0x3022E0D48C: selabel_open (label.c:165)
> ==6028== by 0x3022E11646: matchpathcon_init_prefix (matchpathcon.c:296)
> ==6028== by 0x3022E1190D: matchpathcon (matchpathcon.c:317)
> ==6028== by 0x4F9D842: SELinuxRestoreSecurityFileLabel (security_selinux.c:382)
>
> 800k is a lot of memory to be leaking.
>
> * src/security/security_selinux.c
> (SELinuxReserveSecurityLabel, SELinuxGetSecurityProcessLabel)
> (SELinuxRestoreSecurityFileLabel): Use correct function to free
> security_context_t.
>
ACK.
Matthias
More information about the libvir-list
mailing list