samples/landlock: Fix incorrect free in populate_ruleset_net
Pointer env_port_name changes after strsep(). Memory allocated via
strdup() will not be freed if landlock_add_rule() returns non-zero value.

Fixes: 5e990dc ("samples/landlock: Support TCP restrictions")
Signed-off-by: Ivanov Mikhail <ivanov.mikhail1@huawei-partners.com>
Reviewed-by: Konstantin Meskhidze <konstantin.meskhidze@huawei.com>
Link: https://lore.kernel.org/r/20240326095625.3576164-1-ivanov.mikhail1@huawei-partners.com
Signed-off-by: Mickaël Salaün <mic@digikod.net>
sm1ling-knight authored and l0kod committed May 13, 2024
1 parent a38297e commit 4221293
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions samples/landlock/sandboxer.c
Expand Up @@ -153,7 +153,7 @@ static int populate_ruleset_net(const char *const env_var, const int ruleset_fd,
const __u64 allowed_access)
{
int ret = 1;
char *env_port_name, *strport;
char *env_port_name, *env_port_name_next, *strport;
struct landlock_net_port_attr net_port = {
.allowed_access = allowed_access,
.port = 0,
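Review bot: the declaration `char *env_port_name, *env_port_name_next, *strport;` gives no hint which of the two similarly named pointers owns the strdup() allocation. A one-line comment stating that env_port_name must stay at the start of the buffer so it can be passed to free(), and that env_port_name_next is only the strsep() cursor, would keep a later cleanup from collapsing them back into one variable and reintroducing the bug.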
Expand All @@ -165,7 +165,8 @@ static int populate_ruleset_net(const char *const env_var, const int ruleset_fd,
env_port_name = strdup(env_port_name);
unsetenv(env_var);

while ((strport = strsep(&env_port_name, ENV_DELIMITER))) {
env_port_name_next = env_port_name;
while ((strport = strsep(&env_port_name_next, ENV_DELIMITER))) {
net_port.port = atoi(strport);
if (landlock_add_rule(ruleset_fd, LANDLOCK_RULE_NET_PORT,
&net_port, 0)) {
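Review bot: the loop body at `net_port.port = atoi(strport);` still converts each token without any validation, and this is a good place to fix it while the tokenizing is being touched. strsep() returns an empty string for adjacent or trailing delimiters, and atoi() returns 0 for an empty or non-numeric token, so malformed input silently turns into a rule for port 0 instead of an error. Suggest rejecting empty tokens and parsing with strtoul() plus an end-pointer and range check before calling landlock_add_rule(). Separately, the free() call is outside the visible context, so please confirm that the error path after landlock_add_rule() passes env_port_name, not env_port_name_next, to free().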