From: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
Date: Tue, 11 Feb 2020 09:07:00 +0000 (+0000)
Subject: seccomp: fix resource leak
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c30b23e3657a2838a99daa8bd2d16909c027a261;p=oweals%2Fprocd.git

seccomp: fix resource leak

Fix coverity reported resource leaks:

CID 1446217:    (RESOURCE_LEAK)
   Variable "filter" going out of scope leaks the storage it points to.

Signed-off-by: Kevin Darbyshire-Bryant <ldir@darbyshire-bryant.me.uk>
---

diff --git a/jail/seccomp.c b/jail/seccomp.c
index fae08f9..a00250c 100644
--- a/jail/seccomp.c
+++ b/jail/seccomp.c
@@ -126,7 +126,7 @@ int install_syscall_filter(const char *argv, const char *file)
 
 	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0)) {
 		ERROR("%s: prctl(PR_SET_NO_NEW_PRIVS) failed: %m\n", argv);
-		return errno;
+		goto errout;
 	}
 
 	prog.len = (unsigned short) idx + 1;
@@ -134,7 +134,11 @@ int install_syscall_filter(const char *argv, const char *file)
 
 	if (prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog)) {
 		ERROR("%s: prctl(PR_SET_SECCOMP) failed: %m\n", argv);
-		return errno;
+		goto errout;
 	}
 	return 0;
+
+errout:
+	free(filter);
+	return errno;
 }